
Security audit

Best Practice Skill Creator

Security checks across malware telemetry and agentic risk

Overview

The skill’s main purpose is coherent, but it ships an embedded API key and uploads user screenshots or video frames to an under-disclosed external model endpoint.

Install or run only if you are comfortable with your videos, screenshots, and task description leaving your machine. Replace the bundled API configuration with your own trusted provider settings, do not use the embedded key, and manually review every generated SKILL.md before installing or publishing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill metadata and description indicate it relies on environment variables, writes generated skill files to disk, and calls external multimodal model providers, yet the file does not declare permissions for those capabilities. That creates a transparency and policy-enforcement gap: users or the platform may invoke a networked, file-writing skill without clear consent boundaries, and a generated skill could be written to sensitive locations if downstream code is lax.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding:
The configuration contains a hardcoded API key, which is a sensitive secret embedded directly in the skill file. Anyone with access to the repository, package, logs, or distributed skill can extract and misuse the credential for unauthorized API access, billing abuse, or pivoting through the configured provider endpoint.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
The invocation description is broad and matches common user intents such as creating a skill from a video, screenshots, or tutorial content. This increases the chance the skill is auto-selected in contexts the user did not intend, which is more concerning here because the skill can trigger networked model calls and file creation as part of its normal operation.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
A hardcoded API key is present in a manifest/config without any user-facing disclosure, so operators may unknowingly distribute or run a skill that contains live credentials. This increases the chance of silent credential leakage and unauthorized third-party use because the secret is packaged as normal configuration rather than supplied securely at deployment time.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The tool sends user-provided video/images and task descriptions to an external multimodal model provider, but the CLI does not present an explicit warning or consent step about network transmission of potentially sensitive media. In a skill-creation workflow, inputs may contain screenshots, credentials, internal dashboards, or proprietary procedures, so silent upload to a third party creates a real confidentiality and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The provider sends prompt and image contents to an external API without any visible disclosure, consent check, or sensitivity filtering in this code path. If users supply confidential screenshots, credentials, personal data, or internal documents, those contents may be transferred off-system unexpectedly, creating privacy, compliance, and data-handling risk.

VirusTotal

63/63 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.