Security audit

拟人动物化妆变身视频

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WeryAI video-generation helper that uses an API key and network calls, with no evidence of hidden local data access, persistence, or destructive behavior.

Install only if you trust WeryAI and are comfortable sending prompts and any image inputs or URLs to that provider. Use a dedicated WERYAI_API_KEY where possible, check WERYAI_BASE_URL before use, and confirm parameters because generation may consume account credits.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill explicitly relies on an API key in the environment and invokes a Node script that performs outbound API calls, yet the manifest does not declare corresponding permissions. This creates a transparency and governance gap: users and platforms may not realize the skill can access secrets and the network, which undermines consent, review, and sandbox policy enforcement.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 94% confidence
Finding: The documented purpose is narrowly framed as a makeup-transformation video generator, but the referenced implementation appears to support broad text/image-to-video generation, task-status queries, and model-registry access with general parameters. That mismatch is dangerous because it hides materially broader functionality from users and reviewers, making policy bypass, misuse, or unexpected data handling more likely.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical

Code: suspicious.env_credential_access
Location: scripts/video_gen.js:22