Security audit

GenArt

Security checks across malware telemetry and agentic risk

Overview

This is a local generative-art skill whose file handling and PNG conversion are purpose-aligned, with some under-documented modes users should notice.

Install if you want a local CLI-style art generator. Choose output paths carefully to avoid overwrites, use glitch --input only with SVG/XML files you intend the tool to read and rewrite, and understand that PNG output may run the system rsvg-convert renderer if it is installed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill advertises executable behavior involving file reads, file writes, and shell-capable execution, but declares no permissions. That creates a transparency and least-privilege problem: users and enforcement systems cannot accurately assess or constrain what the skill may do, increasing the chance of unexpected filesystem access or command execution.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 93%
Finding:
The documented behavior omits additional capabilities, including reading external SVG input and mutating it for glitch-art generation. This is dangerous because hidden or undocumented input-processing behavior expands the attack surface, can surprise users with unintended file access, and may allow unsafe handling of crafted SVG content or unauthorized modification of supplied files.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding:
The glitch mode reads and processes an arbitrary local SVG path, which broadens the skill from art generation into local file handling without clear scope limitation. In agent contexts, this can expose or transform sensitive local files unexpectedly and may feed attacker-controlled SVG into downstream rendering/parsing components.

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding:
Invoking an external system binary adds a non-stdlib execution dependency that is not obvious from the skill description and causes attacker-influenced SVG content to be handed to another parser. Even without shell injection, this increases risk because vulnerabilities in the external renderer could be triggered by malformed or hostile SVG input.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.