a2e.ai Full Platform

Security checks across malware telemetry and agentic risk

Overview

This is a real A2E media-generation helper, but it exposes face/voice cloning, remote media storage, paid account actions, and deletion commands without enough safety scoping or confirmation guidance.

Install only if you trust a2e.ai with your API key, prompts, media URLs, images, audio, video, and account assets. Use face, voice, avatar, and dubbing features only with clear rights and consent, watch credit usage, avoid private/internal URLs, and manually verify target IDs before running delete/remove commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The OpenAPI spec exposes an account-management endpoint (`/api/v1/user/add`) that is outside the stated media-generation purpose of the skill. In an agent context, this broadens capability scope and could let an agent create accounts or trigger identity lifecycle actions without clear user intent, violating least privilege and increasing abuse potential.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The invocation text is extremely broad, including 'any a2e.ai task,' which increases the chance the skill is auto-selected for loosely related requests. In a skill system, overbroad routing increases the risk of unintended execution of sensitive capabilities such as face swapping, voice cloning, uploads, or paid model usage.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill advertises highly sensitive operations including voice cloning, face/head swapping, talking media generation, and deletion of avatars without any safety, consent, privacy, or destructive-action warnings. In this context, the absence of safeguards makes misuse more dangerous because these features can impersonate people, process biometric-like media, or irreversibly alter stored assets.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The authentication guidance instructs loading an API key and sending authenticated requests to an external service but does not disclose that user media, prompts, account metadata, and possibly biometric content will be transmitted off-platform. This creates a transparency and consent gap for sensitive data handling.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The file documents face-swap and related manipulated-media capabilities with no consent, authorization, or abuse-prevention guidance. In the context of an agent skill, this omission is dangerous because it normalizes highly sensitive biometric manipulation and can enable impersonation, harassment, fraud, or non-consensual deepfake creation.

Missing User Warnings

Severity: High
Confidence: 94%
Finding
Voice cloning and auto-cloned dubbing are documented without any warning about consent, identity misuse, or privacy-sensitive audio handling. In an agent-integrated context, this materially increases risk of unauthorized voice impersonation, social engineering, fraud, and processing of sensitive personal data without user awareness.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The API reference encourages passing arbitrary external URLs and transferring media into A2E storage without warning users that supplied media will be fetched, transmitted, and possibly retained by a third-party service. In an agent setting, this can cause unintentional disclosure of private media, internal URLs, or access-controlled resources if users are not clearly informed.
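The Overview above tells users to avoid private/internal URLs; the finding explains why: anything passed as a media URL is fetched and stored by a third party, and the URL string itself (including any embedded token) leaves the user's environment. The following is an added example, not code from the a2e.ai skill or the scanner, of a pre-flight guard a skill could run before forwarding a user-supplied URL. Function names, the internal-suffix list, the ID of the fake DNS fixture and all sample hostnames/addresses are assumptions constructed for illustration; the resolver parameter lets the real `socket.getaddrinfo` be swapped for an offline fake.

```python
# Added example (not part of the a2e.ai skill): refuse media URLs that point at
# loopback, private, link-local (cloud metadata) or otherwise non-public hosts,
# or that carry credentials, before they are handed to a remote fetch-and-store API.
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
# Assumed list of suffixes that usually name hosts on the caller's own network.
INTERNAL_SUFFIXES = (".local", ".internal", ".lan", ".corp", ".localhost")


def is_public_address(addr: str) -> bool:
    """True only for a globally routable unicast address.

    Rejects private, loopback, link-local (which covers 169.254.169.254),
    multicast, reserved and unspecified space. IPv4-mapped IPv6 is unwrapped
    first so ::ffff:10.0.0.1 is judged as 10.0.0.1.
    """
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 scope id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_media_url(url: str, resolver=socket.getaddrinfo):
    """Return (ok, reason). `resolver` has socket.getaddrinfo's call shape so an
    offline fake can be injected; by default real DNS is used."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parsed.scheme!r} not allowed"
    host = parsed.hostname
    if not host:
        return False, "no host in URL"
    if parsed.username or parsed.password:
        return False, "URL embeds credentials that would be sent to the third party"
    host = host.lower().rstrip(".")
    if host == "localhost" or host.endswith(INTERNAL_SUFFIXES):
        return False, f"hostname {host!r} looks internal"
    try:
        literal = ipaddress.ip_address(host)
    except ValueError:
        literal = None
    if literal is not None:
        addresses = [str(literal)]
    else:
        try:
            infos = resolver(host, None)
        except OSError:
            return False, f"hostname {host!r} does not resolve"
        addresses = sorted({info[4][0] for info in infos})
    # Every address the name resolves to must be public: a single internal
    # record is enough to refuse, because we cannot pick which one gets used.
    bad = [a for a in addresses if not is_public_address(a)]
    if bad:
        return False, f"{host!r} resolves to non-public address(es): {', '.join(bad)}"
    return True, "ok"


# Constructed DNS fixture (invented names and records) so the example runs offline.
FAKE_DNS = {
    "cdn.example.com": ["93.184.216.34"],                  # public only
    "wiki.example.com": ["93.184.216.34", "10.20.30.40"],  # split-horizon: one private record
    "metadata.example.com": ["169.254.169.254"],           # link-local metadata endpoint
    "nas.example.com": ["::ffff:192.168.1.20"],            # private, hidden as mapped IPv6
}


def fake_resolver(host, port, *args, **kwargs):
    """Stand-in for socket.getaddrinfo backed by FAKE_DNS."""
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed fixture has no record for {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, 0)) for a in FAKE_DNS[host]]


def audit(urls, resolver=fake_resolver):
    """Run the check over a batch of URLs and return {url: (ok, reason)}."""
    return {u: check_media_url(u, resolver) for u in urls}


if __name__ == "__main__":
    sample = ["https://cdn.example.com/clip.mp4", "https://wiki.example.com/logo.png",
              "http://169.254.169.254/latest/meta-data/", "http://[::1]/voice.wav",
              "https://user:tok@cdn.example.com/v.mp4", "file:///etc/passwd"]
    for url, (ok, reason) in audit(sample).items():
        print("ALLOW " if ok else "REFUSE", url, "-", reason)
```

The check runs on the agent's side and only stops the skill from forwarding an obviously internal or credential-bearing URL; it does not control what the remote service does with a URL it accepts, nor does it defend against a record that changes between this lookup and the remote fetch, so it complements rather than replaces the consent warning the finding asks for.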

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding
The removeavatar command performs a destructive remote action immediately with only an ID argument and no confirmation, dry-run, or safety interlock. In an agent/skill context, this increases the chance of accidental irreversible deletion of user assets if the command is invoked with the wrong ID or via prompt confusion.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The delface command issues a DELETE request with no confirmation or validation beyond the supplied ID. In an automation setting, this can lead to accidental deletion of stored biometric/face assets, which may be difficult or impossible for the user to recover.

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding
The delbg command deletes a background resource without any warning or confirmation step. In a skill used by an agent, low-friction destructive commands materially raise the risk of unintended data loss from mistaken tool use or ambiguous user requests.
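The three findings above (removeavatar, delface, delbg) describe the same gap: a destructive remote call that fires on a bare ID with no validation, dry run or confirmation. The following is an added example, not code from the a2e.ai skill, of the interlock a skill author could put in front of such commands. The ID pattern, the listing source, the transport callable and all sample IDs and labels are assumptions; a real skill would obtain the listing from the service's list endpoint and have the transport issue the authenticated DELETE request.

```python
# Added example (not part of the a2e.ai skill): two-step interlock for remote
# delete commands. Step 1 validates the ID against a fresh listing of the user's
# own resources; step 2 sends only when dry-run is off and the exact ID is re-typed.
import re
from dataclasses import dataclass

# Assumed ID shape; tighten to whatever the real API returns.
ID_PATTERN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{7,63}$")


class DeleteRefused(Exception):
    """Raised when an interlock check fails. Nothing has been sent."""


@dataclass
class DeletePlan:
    resource: str    # e.g. "avatar", "face", "background"
    target_id: str
    label: str       # display name from the listing, shown before confirmation


@dataclass
class DeleteResult:
    plan: DeletePlan
    sent: bool
    note: str


def plan_delete(resource, target_id, listing):
    """Refuse malformed IDs and IDs absent from `listing` (id -> display name).

    An ID the model guessed, truncated, or copied from a different resource
    type never reaches the transport."""
    if not isinstance(target_id, str) or not ID_PATTERN.fullmatch(target_id):
        raise DeleteRefused(f"{target_id!r} is not a well-formed {resource} id")
    if target_id not in listing:
        raise DeleteRefused(f"{resource} {target_id!r} is not in your current listing; refusing to guess")
    return DeletePlan(resource, target_id, listing[target_id])


def execute_delete(plan, send_delete, *, confirm=None, dry_run=True):
    """Dry run by default. A live delete requires dry_run=False AND `confirm`
    equal to the planned ID. `send_delete(resource, target_id)` is the
    transport; it is never called on a refusal path."""
    if dry_run:
        return DeleteResult(plan, False, f"dry run: would delete {plan.resource} {plan.target_id} ({plan.label})")
    if confirm != plan.target_id:
        raise DeleteRefused("confirmation must repeat the exact id of the resource to delete")
    status = send_delete(plan.resource, plan.target_id)
    return DeleteResult(plan, True, f"deleted {plan.resource} {plan.target_id} ({plan.label}): {status}")


def refuses(fn, *args, **kwargs):
    """True if calling fn raises DeleteRefused (used by the demo and tests)."""
    try:
        fn(*args, **kwargs)
    except DeleteRefused:
        return True
    return False


# Constructed listing and recording transport so the example runs offline.
SAMPLE_LISTING = {
    "avatar": {"avt_8f3k2m9q": "Marketing presenter", "avt_1p0z7w4e": "Support persona"},
    "face": {"face_k3j9d2ls": "Uploaded selfie 2024-05"},
}


class RecordingTransport:
    """Stands in for the authenticated DELETE call and records what was sent."""
    def __init__(self):
        self.calls = []

    def __call__(self, resource, target_id):
        self.calls.append((resource, target_id))
        return "204 No Content"  # constructed status; a real one comes from the API


def demo():
    transport = RecordingTransport()
    notes = []
    plan = plan_delete("avatar", "avt_8f3k2m9q", SAMPLE_LISTING["avatar"])
    notes.append(execute_delete(plan, transport).note)                          # dry run, nothing sent
    notes.append("refused wrong-type id: %s" % refuses(
        plan_delete, "avatar", "face_k3j9d2ls", SAMPLE_LISTING["avatar"]))     # face id given to avatar deleter
    notes.append("refused mismatched confirm: %s" % refuses(
        execute_delete, plan, transport, confirm="avt_1p0z7w4e", dry_run=False))
    notes.append(execute_delete(plan, transport, confirm="avt_8f3k2m9q", dry_run=False).note)
    return notes, transport.calls


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

Requiring the user to repeat the ID defeats the "wrong ID via prompt confusion" case the findings describe, because the confirmation has to come from the user's message rather than from the model's own output, and refusing IDs missing from a fresh listing catches IDs that were hallucinated or belong to another resource type before any request leaves the machine.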

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal