Back to skill

Security audit

Selfie Art Generator

Security checks across malware telemetry and agentic risk

Overview

This is a small image-generation skill that sends user-provided prompts and a Neta token to a disclosed external API, with no hidden persistence or destructive behavior found.

Install only if you are comfortable sending prompts, optional reference image UUIDs, and your Neta token to the Neta/TalesOfAI service. Use a dedicated or low-privilege token if available, avoid sensitive personal or confidential prompt content, and rotate the token if it appears in logs, shell history, or shared command output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares only the Bash tool and omits any explicit network permission, yet its documented usage depends on calling an external API with a secret token and returning a remote image URL. This creates a permission/transparency gap: users and enforcement systems may not realize the skill performs outbound network access or transmits credentials and prompts to a third party.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill metadata claims it uses the Neta AI API, but the implementation sends data and credentials to Tales of AI endpoints instead. This mismatch is dangerous because users may consent to one vendor while their prompts, reference identifiers, and token are actually transmitted to a different service, creating a supply-chain and trust-boundary violation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README advertises image generation and token setup but does not clearly disclose that user prompts and optional reference-image UUIDs are transmitted to a third-party service. Users may unknowingly send sensitive personal descriptions or image references off-platform, creating privacy and data-handling risk, especially for selfie-related content that can be highly personal.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code transmits the user's prompt and optional reference UUID to an external API without any explicit notice at runtime. In a selfie-art context, prompts and reference IDs may relate to personal images or profile data, so silent transmission increases privacy risk and may violate user expectations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Collecting an authentication token via a CLI flag exposes it to shell history, process listings, and logging systems on many platforms. Because the token is then forwarded in request headers, accidental disclosure could let others use or abuse the associated account or API credits.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.