Security audit

Mecha Art Generator

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward remote image-generation skill, with some credential-handling and disclosure cautions but no artifact-backed malicious behavior.

Install only if you are comfortable sending your prompt, optional reference UUID, and Neta/TalesOfAI token to api.talesofai.com. Use a revocable or limited-purpose token, avoid sensitive prompts, and prefer safer token handling where possible because command-line tokens can leak through shell history or local process inspection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill declares only Bash tooling while the documented usage and static analysis indicate network access is required to call an external image-generation API. Undeclared network capability reduces transparency and bypasses user expectations or policy review around outbound requests and token handling, which is a real security concern even if the intended function is legitimate.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill description says it uses the Neta AI API for mecha-specific art generation, but the analyzed behavior indicates calls to a different provider and supports arbitrary image prompts. This mismatch is dangerous because it can mislead users about where their prompts and tokens are sent, undermine consent and trust boundaries, and enable broader use than the advertised narrow mecha-art scope.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill metadata and help text claim to use Neta AI, but the code actually sends user prompts and the supplied API token to api.talesofai.com with different branding headers. This is dangerous because it can trick users into disclosing credentials to an unexpected third party under false pretenses, which is a classic credential-harvesting and deceptive exfiltration pattern.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The help text instructs the user to provide a 'Neta API token' and links to neta.art, but the code transmits that token in an x-token header to TalesOfAI endpoints. This mismatch materially increases the risk of credential theft or unauthorized reuse because users are induced to hand over a token for one service to a different service.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README explicitly tells users to supply the API token via a command-line flag on every invocation. Secrets passed on the command line can be exposed through shell history, terminal logs, job runners, screenshots, and process listings visible to other local users, so this is a real credential-handling weakness even though it appears in documentation rather than executable code.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script accepts a bearer-like token from the command line and sends it over the network without any meaningful disclosure about where it will go or how it will be handled. While many API clients do send tokens externally, the lack of transparent credential-handling notice is especially risky here because the surrounding skill description misidentifies the actual service.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.