AADDYY AI Tools

Security checks across malware telemetry and agentic risk

Overview

This is a coherent third-party MCP integration for AADDYY AI tools, with privacy, cost, and content-use considerations users should understand before installing.

Install only if you are comfortable running AADDYY's npm MCP server and sending relevant prompts, URLs, and media to AADDYY. Use a dedicated API key, monitor credit usage, avoid submitting confidential data unless approved, and use tools such as watermark removal or site analysis only where you have the right to do so.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill routes user requests through an external MCP server and backend API, but the description and setup do not clearly warn that prompts, URLs, and uploaded/generated content may be transmitted to AADDYY infrastructure for processing. This can lead users to share sensitive data under the assumption the capability is local, creating privacy and data-handling risk.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill advertises broad capabilities including website SEO analysis, image/video generation, watermark removal, and prompt extraction without warning about privacy, copyright, or sensitive-content implications. In this context, users may analyze third-party sites, upload private media, or generate potentially infringing content without informed consent or policy boundaries.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal