Back to skill

Security audit

Tokenlab Model Picker

Security checks across malware telemetry and agentic risk

Overview

The skill appears to use a public TokenLab model catalog for model recommendations, with no evidence of hidden credential use, persistence, or unsafe automation.

Review that you are comfortable with the agent contacting api.tokenlab.sh for model catalog lookups. Avoid putting private prompts, secrets, or account data into catalog query parameters unless the skill clearly documents that use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

External Transmission

Medium
Category
Data Exfiltration
Content
1. Identify the workload: chat, coding, agent loop, image, video, audio, embedding, rerank, translation, or multimodal.
2. Use the public model catalog before recommending hardcoded IDs:
   - General catalog: `GET https://api.tokenlab.sh/v1/models`
   - Task shortlist: `GET https://api.tokenlab.sh/v1/models?recommended_for=<scene>`
   - Model contract: `GET https://api.tokenlab.sh/v1/models/:model`
   - Pricing detail: `GET https://api.tokenlab.sh/v1/models/:model/pricing`
Confidence
50% confidence
Finding
https://api.tokenlab.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
1. Identify the workload: chat, coding, agent loop, image, video, audio, embedding, rerank, translation, or multimodal.
2. Use the public model catalog before recommending hardcoded IDs:
   - General catalog: `GET https://api.tokenlab.sh/v1/models`
   - Task shortlist: `GET https://api.tokenlab.sh/v1/models?recommended_for=<scene>`
   - Model contract: `GET https://api.tokenlab.sh/v1/models/:model`
   - Pricing detail: `GET https://api.tokenlab.sh/v1/models/:model/pricing`
3. Prefer exact public model IDs over family names.
Confidence
50% confidence
Finding
https://api.tokenlab.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
2. Use the public model catalog before recommending hardcoded IDs:
   - General catalog: `GET https://api.tokenlab.sh/v1/models`
   - Task shortlist: `GET https://api.tokenlab.sh/v1/models?recommended_for=<scene>`
   - Model contract: `GET https://api.tokenlab.sh/v1/models/:model`
   - Pricing detail: `GET https://api.tokenlab.sh/v1/models/:model/pricing`
3. Prefer exact public model IDs over family names.
4. Separate recommendation dimensions:
Confidence
50% confidence
Finding
https://api.tokenlab.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
- General catalog: `GET https://api.tokenlab.sh/v1/models`
   - Task shortlist: `GET https://api.tokenlab.sh/v1/models?recommended_for=<scene>`
   - Model contract: `GET https://api.tokenlab.sh/v1/models/:model`
   - Pricing detail: `GET https://api.tokenlab.sh/v1/models/:model/pricing`
3. Prefer exact public model IDs over family names.
4. Separate recommendation dimensions:
   - quality or frontier capability
Confidence
50% confidence
Finding
https://api.tokenlab.sh/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.