Back to skill

Security audit

z-article-card

Security checks across malware telemetry and agentic risk

Overview

This skill locally turns user-provided article text into PNG card images, and its file and browser use fit that purpose.

Install only if you are comfortable with a skill running local Python and Chrome/Chromium to render text into images. Prefer rendering content you trust, choose an output directory you control, and review branding/footer defaults before sharing generated cards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill declares no permissions, yet its documented behavior explicitly uses local script execution via Python and browser tooling, which implies shell and filesystem access. This is dangerous because operators and policy engines may trust the manifest as low-privilege while the skill can actually read local files and invoke external programs, increasing the chance of unintended data exposure or execution beyond expected scope.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
A description-behavior mismatch is a real security concern here because the skill presents itself as a narrow article-to-card renderer, while the analysis indicates broader template/poster generation, icon selection, and word-level highlighting features. Hidden or undeclared functionality reduces reviewability and can mask risky behaviors, making it easier for the skill to be invoked in unanticipated contexts or to process content in ways users and defenders did not authorize.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal