Kinetic Sand Video

Security checks across malware telemetry and agentic risk

Overview

This WeryAI kinetic-sand video skill is disclosed and purpose-aligned, but it needs a WeryAI API key and can spend paid generation credits.

Install only if you are comfortable giving this skill access to your WeryAI API key and sending prompts or public image URLs to WeryAI. Keep the key out of files, review the expanded prompt and parameters before confirming, and expect successful runs to consume WeryAI credits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The implicit trigger test uses a broad, domain-style prompt in Chinese that describes kinetic sand content but does not clearly constrain activation to an explicit skill call or uniquely identify the skill boundary. This can cause over-triggering, where the skill activates on generic sand-video requests and interferes with normal routing or other skills, especially in multilingual settings.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal