
Security audit

sages-stash

Security checks across malware telemetry and agentic risk

Overview

The skill claims to return safe images for NSFW requests, but its own API example asks for R18 content, so users should review it before installing.

Install only if you are comfortable with a skill that contacts a third-party image API and may return adult Pixiv-derived image links despite claiming to return non-R18 content. The publisher should change the API request to the non-R18 setting, validate the r18 field before returning URLs, and narrow the trigger phrases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The skill claims it fetches a non-R18 image, but the documented API call explicitly sets r18=1, which requests adult content. This creates a direct safety-policy mismatch and can cause the agent to return sexual content when the surrounding description implies a safe substitution behavior.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The inline comment falsely states that r18=1 is required for filtering, when that parameter actually requests R18 material. Misleading instructions like this increase the likelihood that implementers or agents will intentionally retrieve adult content under the guise of safety filtering.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger list includes broad phrases such as 'hot girls' and 'sexy', which can activate in ambiguous or everyday contexts and cause the skill to run unexpectedly. In a skill that performs external fetches and may return sexualized imagery, overbroad activation meaningfully increases the chance of unintended unsafe behavior.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill does not clearly warn that it will contact a third-party service and return third-party-hosted image URLs. This reduces transparency and informed consent, and in context is more concerning because the requested content may be adult or sensitive.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The eval prompt "来点刺激的" is highly ambiguous and overlaps with ordinary conversational language, which can cause the skill to trigger or be judged on broad user inputs unrelated to a clearly scoped capability. In this skill, the prompts are sexually suggestive while the expected behavior is to return a non-R18 image URL, creating a mismatch that could normalize unsafe sexual-content requests and make routing or safety behavior unpredictable.

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.