Security audit

IceCube Avatar Clone

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only guide for creating AI avatar videos; its sensitive media and API-key use are expected for that purpose but should be handled carefully.

Safe to install as a guide. Before using the services it recommends, upload only media you own or are authorized to use, protect API keys, confirm costs, review each vendor's privacy and retention policies, and clearly label AI-generated avatar content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill instructs users to upload photos or videos to third-party avatar platforms but does not warn about biometric privacy, retention, consent, or cross-border data-sharing risks. Because facial images and voice-linked media are sensitive personal data, omitting privacy guidance can lead users to expose regulated or high-risk data without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.