Back to skill

Security audit

fal

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent fal.ai helper that makes expected API calls, uses a fal.ai key, can upload chosen media, and saves generated outputs locally.

Install only if you are comfortable giving the agent access to a fal.ai API key, sending prompts and selected media to fal.ai, potentially spending fal account credits, and keeping generated outputs on disk under ~/.fal/sessions. Double-check file paths before using /fal upload and avoid sensitive media unless you understand fal.ai's handling and retention policies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The README encourages broad natural-language requests like 'Generate an image of a sunset over mountains' and 'Turn this photo into a video,' which can cause the skill to activate on loosely related user prompts without clearly signaling that an external service call and file download will occur. In an agentic environment, overly broad invocation guidance increases the chance of unintended execution, especially when the skill can upload user media and retrieve generated artifacts automatically.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README does not clearly warn that user prompts, uploaded files, and other media are transmitted to fal.ai services for processing. In a skill that supports image, video, audio, and file upload workflows, this omission creates meaningful privacy and data-handling risk because users may unknowingly send sensitive content to a third party.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README does not clearly warn that user prompts, uploaded files, and other media are transmitted to fal.ai services for processing. In a skill that supports image, video, audio, and file upload workflows, this omission creates meaningful privacy and data-handling risk because users may unknowingly send sensitive content to a third party.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill supports uploading a user-specified file to a remote fal CDN, but the skill description and command guidance do not clearly warn that local files will be transmitted off-host to a third-party service. This can cause unintended disclosure of sensitive local data if a user or agent invokes upload without understanding the data leaves the local environment.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The skill states that generated files are saved under ~/.fal/sessions/${CLAUDE_SESSION_ID}, but it does not present this as a user-facing warning about persistent local storage. Users may assume outputs are transient, leading to accidental retention of sensitive prompts, generated media, or downloaded results on disk.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The reference includes `image_url` and `audio_url` parameters for external model inference without warning that user-supplied media will be sent to a third-party service. This can lead to unintended disclosure of sensitive images, audio, or metadata if an agent uses these examples directly with private user content.

Session Persistence

Medium
Category
Rogue Agent
Content
RESULT=$(curl -s "https://queue.fal.run/$1/requests/$REQUEST_ID" \
  -H "Authorization: Key $FAL_KEY")

# Create session output folder
mkdir -p ~/.fal/sessions/${CLAUDE_SESSION_ID}

# Download images/videos
Confidence
86% confidence
Finding
Create session output folder mkdir -p ~/.fal/sessions/${CLAUDE_SESSION_ID} # Download images/videos # For images: jq -r '.images[0].url' and curl to download # Save as: ~/.fal

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.