
Security audit

Podcast Cover Generator

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward podcast-cover generator that sends your prompt and API token to a documented image service, with token-handling cautions but no hidden persistence or destructive behavior found.

Install only if you are comfortable sending your podcast-cover prompt, optional reference image UUID, and Neta token to api.talesofai.com. Prefer expanding a token from a shell variable over typing the secret directly, avoid sensitive prompt content, and rotate the token if it appears in shell history, logs, or CI output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding:
The skill declares only the Bash tool while its documented behavior clearly requires outbound network access to call an external image-generation API. This hidden capability weakens transparency and reviewability, making it easier for a user or platform to invoke remote requests without understanding that prompts, tokens, and possibly reference-image identifiers are being sent off-platform.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
The skill description says it uses the Neta API for square podcast-cover generation, but the analyzed behavior indicates different API endpoints, additional output modes, and style-reference functionality not disclosed in the description. This mismatch is dangerous because it can mislead users and reviewers about where sensitive data is sent and what the skill can actually do, increasing the risk of unauthorized data disclosure or policy bypass.

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding:
The skill description says it uses the Neta API, but the code sends tokens and prompts to talesofai.com instead. This discrepancy is security-relevant because users may provide credentials and content under false assumptions about the receiving service, undermining informed consent and increasing phishing/supply-chain risk.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The README explicitly instructs users to supply the API token via the `--token` command-line flag, which can expose secrets through shell history, process listings, audit logs, and CI job output. In this skill's context, that guidance is especially risky because the documentation states the token is read only from the CLI flag, steering users toward an inherently leak-prone secret handling pattern.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The code transmits user prompts and an API token to a third-party remote service without an explicit privacy notice or clear disclosure in the execution flow. Because prompts may contain sensitive creative briefs, brand assets, or personal data, and the token is a credential, this creates a real data-sharing and credential-handling risk.

External Transmission

Medium
Category: Data Exfiltration
Content:
body.inherit_params = { collection_uuid: ref, picture_uuid: ref };
  }

  const res = await fetch(`https://api.talesofai.com/v3/make_image`, {
    method: 'POST',
    headers: {
      'x-token': token,
Confidence: 90%
Finding:
https://api.talesofai.com/

VirusTotal

66/66 vendors flagged this skill as clean.
