Back to skill

Security audit

ime_message_skill

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate text-rewriting helper, but it sends potentially private message text to an external model service without clear user-facing disclosure or opt-in.

Install only if you are comfortable with rewritten text being sent to an external model provider. Avoid using it for passwords, secrets, medical/legal/financial details, or private conversations unless the provider and retention policy are acceptable to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs integrators to send user text to a remote third-party model endpoint but does not clearly disclose that message content will leave the local environment. In a skill intended for IME/voice-message rewriting, users may submit sensitive chat content, so lack of explicit notice and consent can cause unintended privacy and compliance exposure.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script transmits user-provided text to a third-party model endpoint and includes endpoint/model metadata in the returned JSON, but the CLI flow provides no explicit disclosure or confirmation that content is leaving the local machine. In a text-rewriting/IME context, inputs are likely to contain private chats, dictated messages, names, or other sensitive content, so silent remote transmission creates a real privacy and data-handling risk even if the functionality is intentional.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.