Back to skill

Security audit

Velora

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it asks for real Velora account credentials and can send messages through an automated browser with weak consent and credential-handling boundaries.

Install only if you are comfortable letting an automated browser log into Velora and send chat or image-generation requests on your behalf. Use a dedicated or low-risk account, avoid putting the password directly in a shell command, and require explicit confirmation before any login or message/image action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation examples are broad enough that ordinary user requests like 'Chat with [Companion Name]' could activate browser automation involving account login and live interaction without clear confirmation of scope. In a skill system, overbroad triggers can cause unintended access to authenticated services and actions on behalf of the user.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to supply account credentials to browser automation and shows direct credential handling, but it lacks a clear warning that the skill will log into a real account and act with that account's privileges. This creates meaningful risk of credential misuse, account compromise, privacy loss, and unintended actions, especially because the skill targets a live consumer service.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script explicitly takes an email and password as command-line arguments, which commonly exposes credentials through shell history, process listings, job control tools, CI logs, and audit systems. In a browser automation skill intended for real account use, this creates a practical credential leakage risk even if the script itself does not exfiltrate them.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.