Security audit

Mecha Art Generator

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward remote image-generation skill, with some credential-handling and disclosure cautions but no artifact-backed malicious behavior.

Install only if you are comfortable sending your prompt, optional reference UUID, and Neta/TalesOfAI token to api.talesofai.com. Use a revocable or limited-purpose token, avoid sensitive prompts, and prefer safer token handling where possible because command-line tokens can leak through shell history or local process inspection.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 84% confidence
Finding: The skill declares only Bash tooling while the documented usage and static analysis indicate network access is required to call an external image-generation API. Undeclared network capability reduces transparency and bypasses user expectations or policy review around outbound requests and token handling, which is a real security concern even if the intended function is legitimate.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 93% confidence
Finding: The skill description says it uses the Neta AI API for mecha-specific art generation, but the analyzed behavior indicates calls to a different provider and supports arbitrary image prompts. This mismatch is dangerous because it can mislead users about where their prompts and tokens are sent, undermine consent and trust boundaries, and enable broader use than the advertised narrow mecha-art scope.

Description-Behavior Mismatch

Medium

Confidence: 98% confidence
Finding: The skill metadata and help text claim to use Neta AI, but the code actually sends user prompts and the supplied API token to api.talesofai.com with different branding headers. This is dangerous because it can trick users into disclosing credentials to an unexpected third party under false pretenses, which is a classic credential-harvesting and deceptive exfiltration pattern.

Intent-Code Divergence

Medium

Confidence: 99% confidence
Finding: The help text instructs the user to provide a 'Neta API token' and links to neta.art, but the code transmits that token in an x-token header to TalesOfAI endpoints. This mismatch materially increases the risk of credential theft or unauthorized reuse because users are induced to hand over a token for one service to a different service.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The README explicitly tells users to supply the API token via a command-line flag on every invocation. Secrets passed on the command line can be exposed through shell history, terminal logs, job runners, screenshots, and process listings visible to other local users, so this is a real credential-handling weakness even though it appears in documentation rather than executable code.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The script accepts a bearer-like token from the command line and sends it over the network without any meaningful disclosure about where it will go or how it will be handled. While many API clients do send tokens externally, the lack of transparent credential-handling notice is especially risky here because the surrounding skill description misidentifies the actual service.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.