xAI / Grok

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Grok/xAI chat skill that sends user prompts and selected images to xAI, with privacy caveats but no evidence of hidden or malicious behavior.

Install only if you are comfortable sending prompts, system prompts, X search queries, and any selected image files to xAI. Avoid using it with screenshots, documents, photos, or prompts containing secrets, personal data, regulated data, or proprietary information unless that sharing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings
Medium, 89% confidence

The README advertises image analysis but does not clearly disclose that the referenced image will be transmitted to xAI's remote API for processing. In a chatbot skill context, users may assume local analysis or may share sensitive screenshots, documents, or photos without understanding the third-party data transfer, creating a meaningful privacy and data-handling risk.

Missing User Warnings
Low, 74% confidence

The setup instructions tell users to store an API key in config or an environment variable but do not warn against committing credentials to source control, sharing logs, or exposing shell history. This is a common credential-hygiene weakness: not inherently malicious, but it increases the chance users mishandle a live API secret.
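The check this finding asks for, as an added example that is not the skill's own code (the report does not reproduce it): a loader that takes the key from the environment first and otherwise accepts only a key file with owner-only permissions that is not sitting unignored inside a git working tree, plus a masking helper for anything that reaches a log or a terminal. The variable name XAI_API_KEY, the function names and the .gitignore heuristic are assumptions of this example.

```python
from __future__ import annotations

import os
import stat
from pathlib import Path


class CredentialError(Exception):
    """The API key is missing or is stored in a way that is likely to leak."""


def mask_secret(secret: str) -> str:
    """Display form for logs and prompts: at most the last four characters survive."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return "*" * (len(secret) - 4) + secret[-4:]


def _check_private_file(path: Path) -> None:
    """Refuse a key file whose POSIX mode lets group or others read it."""
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise CredentialError(
            f"{path} is accessible to group/others (mode {oct(mode)}); run chmod 600 on it"
        )


def _check_not_committed(path: Path) -> None:
    """Refuse a key file inside a git working tree unless .gitignore names it.

    Offline heuristic (an assumption of this example): walk up to the nearest
    directory containing .git and look for the file name in its .gitignore. It
    does not invoke git, so wildcard or negated ignore patterns are not understood.
    """
    for repo_root in (path.parent, *path.parent.parents):
        if not (repo_root / ".git").exists():
            continue
        ignore = repo_root / ".gitignore"
        patterns = ignore.read_text().splitlines() if ignore.exists() else []
        if path.name not in {p.strip() for p in patterns}:
            raise CredentialError(
                f"{path} is inside the git repository {repo_root} and not ignored; "
                "'git add .' would commit it"
            )
        return


def load_api_key(env_var: str = "XAI_API_KEY", key_file: str | os.PathLike | None = None) -> str:
    """Prefer the environment variable; fall back to a key file only if it is private."""
    value = os.environ.get(env_var, "").strip()
    if value:
        return value
    if key_file is None:
        raise CredentialError(f"{env_var} is not set and no key file was given")
    path = Path(key_file).resolve()
    if not path.is_file():
        raise CredentialError(f"key file {path} does not exist")
    _check_private_file(path)
    _check_not_committed(path)
    value = path.read_text().strip()
    if not value:
        raise CredentialError(f"key file {path} is empty")
    return value


if __name__ == "__main__":
    try:
        key = load_api_key()
        print(f"loaded key {mask_secret(key)}")  # never print the raw key
    except CredentialError as exc:
        print(f"refusing to continue: {exc}")
```

The file-mode check only inspects permission bits, so it catches the common `chmod 644` mistake rather than proving nobody else can read the file; on a host with ACLs or a shared home directory, treat it as a floor, not a guarantee.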

Missing User Warnings
Medium, 97% confidence

This script transmits the user's prompt and, when provided, the full contents of a local image file to the external xAI API, but it does not present an explicit warning or consent step at the point of transmission. In a chat skill, external transmission is expected, but the image path is resolved locally and the file is read and base64-encoded, which increases the risk of users unintentionally sending sensitive local content or confidential prompts off-host.

Missing User Warnings
Low, 84% confidence

On non-200 responses, the script prints the full API response body directly to stderr. If the upstream service includes echoed request details, query text, debugging metadata, or account-specific information in error payloads, this can leak potentially sensitive user queries into logs, terminals, or monitoring systems without clear consent.
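The two findings above, the unannounced transfer of a local image and the raw error body on stderr, are addressed together in this added example. It is not the skill's code, which the report does not reproduce: the transport is injected so the block runs offline, and the request and response shapes, the field whitelist, the size limit and every function name are assumptions. The caller must confirm a plain statement of what is about to leave the host before anything is sent, image paths are confined to one directory, and a non-200 body is reduced to status, size and short identifier fields before it is printed.

```python
from __future__ import annotations

import base64
import json
import sys
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable

# Size limit and whitelist are assumptions of this example, not the skill's values.
MAX_IMAGE_BYTES = 20 * 1024 * 1024
SAFE_ERROR_FIELDS = ("code", "type", "status")  # short identifiers only; never "message"


class ConsentDenied(Exception):
    """The user did not approve the off-host transfer."""


@dataclass
class Outcome:
    ok: bool
    status: int
    reply: str = ""
    error: dict = field(default_factory=dict)


def resolve_image(user_path: str, allowed_root: Path) -> Path:
    """Resolve the user-supplied path (symlinks followed) and confine it to allowed_root."""
    root = allowed_root.resolve()
    candidate = Path(user_path)
    path = (candidate if candidate.is_absolute() else root / candidate).resolve()
    if not path.is_relative_to(root):
        raise PermissionError(f"{path} is outside the permitted directory {root}")
    if not path.is_file():
        raise FileNotFoundError(f"{path} is not a regular file")
    if path.stat().st_size > MAX_IMAGE_BYTES:
        raise ValueError(f"{path} exceeds {MAX_IMAGE_BYTES} bytes")
    return path


def describe_transfer(prompt: str, image: Path | None) -> str:
    """Plain statement of what is about to leave the host, shown before sending."""
    parts = [f"{len(prompt)} characters of prompt text"]
    if image is not None:
        parts.append(f"the full contents of {image} ({image.stat().st_size} bytes)")
    return "About to send " + " and ".join(parts) + " to the xAI API."


def build_request(prompt: str, image: Path | None) -> dict:
    """Assumed wire shape: a text part plus an optional base64-encoded image part."""
    content = [{"type": "text", "text": prompt}]
    if image is not None:
        encoded = base64.b64encode(image.read_bytes()).decode("ascii")
        content.append({"type": "image", "bytes_b64": encoded})
    return {"messages": [{"role": "user", "content": content}]}


def sanitize_error(status: int, body: str) -> dict:
    """Reduce an error body to status, size and whitelisted short identifiers.

    Free-text fields, which may echo the prompt, and unparseable bodies are never
    copied through, so nothing user-supplied reaches stderr or a log collector.
    """
    summary = {"status": status, "body_bytes": len(body.encode("utf-8"))}
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return summary
    err = data.get("error", data) if isinstance(data, dict) else None
    if not isinstance(err, dict):
        return summary
    for key in SAFE_ERROR_FIELDS:
        value = err.get(key)
        if isinstance(value, (str, int)) and len(str(value)) <= 64:
            summary[key] = value
    return summary


def ask_grok(prompt: str, image_path: str | None, transport: Callable[[dict], tuple[int, str]],
             consent: Callable[[str], bool], allowed_root: Path | None = None, log=sys.stderr) -> Outcome:
    """Resolve, describe, obtain consent, transmit; print only a sanitized error summary."""
    image = resolve_image(image_path, allowed_root or Path.cwd()) if image_path else None
    if not consent(describe_transfer(prompt, image)):
        raise ConsentDenied("transfer to xAI declined by the user")
    status, body = transport(build_request(prompt, image))
    if status != 200:
        summary = sanitize_error(status, body)
        print(f"xAI request failed: {summary}", file=log)  # never the raw body
        return Outcome(ok=False, status=status, error=summary)
    try:
        reply = json.loads(body).get("reply", "")  # response field name is an assumption
    except (json.JSONDecodeError, AttributeError):
        reply = ""
    return Outcome(ok=True, status=status, reply=reply)
```

In a real skill the `consent` callable would be an interactive prompt or a host-provided approval hook, and `transport` the HTTP call; keeping both injectable is also what makes the consent and error paths testable without network access. A whitelist of fields beats a blacklist here because the provider can add new echoing fields to error payloads at any time.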

Shadow Command Trigger
Category: Trigger Abuse
Medium, 77% confidence

The trigger 'ask grok' overlaps with a generic built-in 'ask' pattern, which can cause ambiguous routing or unexpected invocation of this external-network skill. In practice, that may send user prompts or attached images to xAI when the user intended a local or different built-in command, creating privacy and consent risks.
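Routing logic for the overlap described above, as an added example that is not the host's dispatcher (the report does not show it): a first-registered-match router that exhibits the ambiguity beside a most-specific-match router that resolves it. Only the 'ask grok' trigger and the built-in 'ask' come from the finding; the registry, the skill names and the word-boundary rule are assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Skill:
    name: str
    trigger: str           # literal trigger phrase, e.g. "ask grok"
    sends_off_host: bool   # True when the skill ships the prompt to an external API


# Constructed registry: names are assumptions; the order mirrors a host that
# registers its built-ins before third-party skills.
SKILLS = [
    Skill("builtin-ask", "ask", sends_off_host=False),
    Skill("grok", "ask grok", sends_off_host=True),
]


def _match(trigger: str, text: str) -> re.Match | None:
    # Whole-phrase, word-bounded prefix: "ask grok" matches "ask grok what", not "ask grokker".
    return re.match(r"\s*" + re.escape(trigger) + r"(?=\s|$)", text, re.IGNORECASE)


def route_first_match(message: str, skills=SKILLS):
    """The ambiguous behaviour: the first registered skill whose trigger matches wins,
    so a registry that lists the generic 'ask' first never reaches 'ask grok'."""
    for skill in skills:
        m = _match(skill.trigger, message)
        if m:
            return skill, message[m.end():].strip()
    return None, message.strip()


def route_most_specific(message: str, skills=SKILLS):
    """The longest matching trigger wins; on equal length the local skill is preferred,
    so an external-network skill runs only when the user typed its full trigger."""
    best = None
    for skill in skills:
        m = _match(skill.trigger, message)
        if not m:
            continue
        key = (len(skill.trigger.split()), not skill.sends_off_host)
        if best is None or key > best[0]:
            best = (key, skill, message[m.end():].strip())
    if best is None:
        return None, message.strip()
    return best[1], best[2]
```

A host that adopts the specific router should still gate any skill marked `sends_off_host` behind an explicit confirmation: a correct route does not by itself tell the user that the prompt and any attached image are leaving the machine.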

VirusTotal

64/64 vendors reported this skill as clean (no detections).
