Prompt Artist

Security checks across malware telemetry and agentic risk

Overview

This prompt tool appears legitimate, but it can charge a SkillPay account by default and stores prompt history locally, so it needs review before use.

Install only if you intentionally want a paid prompt-optimization skill and can control the SkillPay account behind SKILLPAY_API_KEY. Require explicit approval before each charge, verify the user ID and amount, and avoid entering sensitive prompt text unless you are comfortable with local history retention.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill advertises executable scripts that use environment variables, local file writes, and network access, yet the manifest does not declare any permissions or capability boundaries. This undermines informed consent and sandboxing because a host may invoke a skill that can charge via SkillPay, persist prompt history locally, and make outbound requests without those behaviors being explicitly surfaced in the skill declaration.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%
Finding: The declared description focuses on prompt optimization, but the exposed commands also include prompt history/favorites persistence, style-library browsing, billing balance lookup, and payment-link generation. That mismatch is security-relevant because users and orchestrators may authorize the skill for a limited creative purpose while the implementation performs additional data retention and financial/account operations not clearly disclosed at the top level.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The script can initiate a real billing charge via the external SkillPay API as soon as `charge()` is called, with no built-in confirmation, authorization check, or interactive warning. In an agent-skill context, this is risky because an upstream caller or prompt-induced action could trigger monetary charges on behalf of a user without clear consent at execution time.

VirusTotal

65/65 vendors flagged this skill as clean.