Back to skill

Security audit

Hugging Face Gradio

Security checks across malware telemetry and agentic risk

Overview

This is a Gradio documentation skill with mostly purpose-aligned examples, but users should be careful before letting an agent call remote Gradio Spaces or pass tokens.

Install is reasonable if you want Gradio help. Before allowing an agent to run `gradio predict`, upload files, or use `--token`, confirm the exact Space, endpoint, payload, and files involved; do not pass secrets or private files unless you intentionally want them sent to that remote service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill claims to help build and edit Gradio UIs, but this section additionally instructs the agent to discover and invoke remote Gradio/Hugging Face Space endpoints via CLI. That materially expands the capability from local UI authoring into outbound network interaction with third-party services, including data submission, which can cause unintended remote actions or data disclosure if an agent follows it automatically.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Mentioning `--token` support for private Spaces introduces credentialed access to remote services without necessity for the declared UI-building function. In an agent context, this can normalize use of sensitive tokens and encourage authenticated outbound actions against private resources, increasing the chance of secret misuse or unauthorized access.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation explains that file parameters in `gradio predict` upload local files to a remote server, but it does so as an implementation detail rather than a safety warning. In an agent workflow, that omission makes accidental exfiltration of local files more likely because the transmission risk is not made explicit at the point of use.

Missing User Warnings

Low
Confidence
83% confidence
Finding
Referencing token support without any caution about credential sensitivity is unsafe in an agent-consumable skill because it can encourage passing secrets on the command line without considering leakage, logging, or reuse risks. The issue is less severe than direct exfiltration guidance, but it still weakens safe handling expectations around credentials.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.