Security audit

AI内容生成器(付费版) [AI Content Generator (Paid Version)]

Security checks across malware telemetry and agentic risk

Overview

This paid content generator discloses billing, but it can automatically charge through an external service using an embedded API key and an unclear default user account.

Review before installing. Only run this if you understand which SkillPay account will be charged, and avoid using it until the hardcoded API key is removed, the billing user ID is explicit, and charges require clear approval. Expect template-style output rather than real AI-generated content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding:
The skill declares access to an environment secret and appears to use network capabilities, but these capabilities are not explicitly declared as permissions. That creates a transparency and governance problem: reviewers and users may not understand that the skill can exfiltrate secrets or make external billing requests, especially in a paid workflow. In this context, hidden network and env access is more dangerous because the skill processes payments and relies on an API key.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding:
The documented behavior does not match the observed behavior: the skill reportedly performs external billing interactions, recharge link generation, and limited template-based output while presenting itself as a general AI content generator. This can mislead users into authorizing charges or sharing data under false assumptions, and the mention of a hardcoded API key materially increases the security risk if true. In a paid skill, deception around billing and functionality is especially dangerous because it affects both user trust and financial safety.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The code sends user identifiers, balance queries, charge requests, and payment-link requests to an external billing service, but the more serious issue is that it embeds a live-looking fallback API key directly in source code. That hardcoded secret could be extracted by anyone with code access and abused to query balances, create charges, or generate payment links against the billing backend, exposing financial and user data and enabling unauthorized billing actions.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.