收纳整理解压视频

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed WeryAI organizing-video generator that uses a paid API key and may upload chosen images, but its risky behavior is documented and user-confirmed.

Install only if you trust WeryAI and this package with your prompts, selected images, paid quota, and WERYAI_API_KEY. Use dry-run first, prefer public HTTPS image URLs, and provide a local file path only when you intentionally want that exact image uploaded to WeryAI.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The eval includes an implicit-domain trigger phrase in natural language without requiring an explicit skill invocation or tighter routing constraints. This can cause the skill to activate on ambiguous user requests, leading to unintended use of a video-generation capability and possible paid API usage when the model overgeneralizes from loosely related prompts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal