Back to skill

Security audit

Naver Papago Translate

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Naver Papago translation skill that sends user-selected text to Naver's API as expected for translation.

Install only if you are comfortable sending the text you translate, including any file content you explicitly pass with --file, to Naver Papago over HTTPS using your Naver API credentials. Avoid translating secrets, credentials, regulated data, or confidential material unless that third-party processing is approved for your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill does not clearly warn users that any text submitted for translation is transmitted to Naver's external API, which can expose sensitive prompts, documents, secrets, or personal data to a third party. In an agent workflow, this is especially risky because users may assume translation is local and may pass confidential content without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.