Security audit

doubao-image-auto

Security checks across malware telemetry and agentic risk

Overview

The skill is for Doubao image generation, but it expands into direct authenticated API use with a saved cookie file and missing scripts that users cannot review here.

Install only after reviewing the missing Node scripts and confirming exactly which cookie file is read and where images are saved. Prefer a dedicated Doubao account or browser profile, and require explicit approval before any browserless API call uses saved cookies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence: 95%
Finding
The documentation materially expands the skill from browser-scoped CDP automation to a separate API-driven workflow using persisted session state, which changes the trust and security boundary without clearly declaring it. This is dangerous because users may approve a browser automation skill while the documented behavior actually enables direct authenticated requests and local credential reuse, increasing the risk of account misuse and unauthorized actions.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill documents reusing persistent session cookies from a local file, which creates a credential-handling path beyond the stated browser automation purpose. Persisted session tokens can be stolen, replayed, or silently reused to act as the user, enabling unauthorized access to the user's Doubao account and associated data.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
Claiming 'no browser needed, pure API calls' contradicts the earlier browser/CDP-only description and conceals a materially different execution model. This misrepresentation is dangerous because reviewers and users may underestimate the privileges involved, especially where direct authenticated API calls can bypass expected browser visibility and user oversight.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill describes automatic downloads to local storage and session/cookie reuse without warning users about privacy, credential, and filesystem implications. This is dangerous because it can lead to silent retention of generated content and authenticated session material on disk, exposing sensitive data to other local users, malware, or unintended processes.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.