
Security audit

Space Makeover Refresh Video (空间改造焕新视频)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed WeryAI room-makeover video helper that uses a paid API key and can upload user-approved images, with no hidden persistence or destructive behavior found.

Install only if you trust the WeryAI service and are comfortable setting WERYAI_API_KEY for paid generation. Prefer public HTTPS image URLs. If using a local image path, confirm the exact file before upload and do not provide sensitive private files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill requires network access and an environment secret (`WERYAI_API_KEY`) but does not declare explicit permissions, which weakens installer/runtime transparency and can cause users to grant trust without understanding the actual capability surface. In this skill's context, that matters because it can call external APIs and potentially upload local images, so under-declared capabilities increase the chance of unintended data exposure or secret misuse.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill is presented as a narrow room-makeover video generator, but the documented behavior includes broader text-to-video generation, model enumeration, task polling, and optional local image upload to a third-party service. This mismatch is dangerous because users may authorize or invoke the skill assuming a constrained aesthetic workflow, while it actually has a much wider operational scope and can transmit user-provided or local content externally.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The documentation explicitly authorizes a path where non-HTTPS image inputs are treated as local filesystem paths, read from disk, and uploaded to a remote WeryAI endpoint. That expands the skill from remote video generation into local file access and exfiltration, which is a meaningful security boundary change and can leak sensitive local images or unintended files if an agent follows these instructions automatically.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill documentation describes reading arbitrary local image files and sending them to a remote upload service, but that capability is not necessary for the stated room-makeover video use case and increases the chance of unintended data disclosure. In an agent setting, such instructions can normalize accessing local files that the user did not intend to expose, especially when the feature is framed as an 'advanced' convenience path.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The implicit trigger prompt is overly broad and can activate the skill from a loosely related natural-language request without clear gating conditions. In an agent environment, this increases the chance of accidental or adversary-induced invocation, causing the model to route unrelated user input into this skill and potentially execute unintended actions or bypass safer task selection.

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.