铁锈老物件翻新修复视频

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WeryAI rust-restoration video generator, with a sensitive but documented local-image upload option.

Install only if you trust the publisher and are comfortable providing a WeryAI API key. Prefer public HTTPS image URLs. If you use a local image path, confirm the exact path first because the script will read that file and upload it to WeryAI.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The implicit trigger test uses a broad natural-language phrase about rust restoration video generation without a clear invocation boundary, which can cause the skill to trigger on ordinary conversational requests that merely mention the domain. In an agent setting, overly broad triggers increase the chance of unintended tool activation, potentially sending user content or local resources into the skill workflow without sufficiently explicit user intent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal