Back to skill

Security audit

Save upto 50% for model tokens: OpenAI GPT, Claude, Gemini, Qwen, Deepseek, Grok and more with one single key

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward AIsa LLM-router skill, with the main consideration that prompts, image URLs, and the AISA API key are sent to the documented external API.

Install only if you are comfortable routing selected prompts, conversation content, image references or image data, and request metadata through AIsa and potentially downstream model providers. Use a protected API key, avoid sending secrets or regulated data unless approved, monitor usage and cost, and rotate the key if exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill metadata declares required binaries and an API-key environment variable, and the markdown clearly instructs users to send requests over the network, but it does not declare any explicit permissions or provide a clear trust boundary. This creates a transparency and review gap: an agent may expose secrets and transmit user data externally without a permission model making that behavior obvious.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README encourages users to send prompts and image URLs through a third-party gateway but does not clearly disclose that user content and metadata are transmitted to an external service. In an agent skill context, this omission is security-relevant because operators may assume model calls are direct to the named provider rather than proxied through AIsa, leading to unintended disclosure of sensitive prompts, documents, or internal URLs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section instructs users to send prompts, message history, and potentially images to a third-party endpoint, but it does not prominently warn that sensitive user content will leave the local environment and be processed by an external provider. In an agent setting, this can lead to unintended disclosure of confidential prompts, files, or image contents.

External Transmission

Medium
Category
Data Exfiltration
Content
client = OpenAI(
    api_key=os.environ["AISA_API_KEY"],
    base_url="https://api.aisa.one/v1"
)

response = client.chat.completions.create(
Confidence
87% confidence
Finding
https://api.aisa.one/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.