Back to skill

Security audit

Transformers.js

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Transformers.js skill whose network, caching, and token examples fit its machine-learning purpose, with privacy cautions for real deployments.

Safe to install as documentation, but do not assume all examples are local-only. Pin or self-host dependencies and models for sensitive environments, disable remote models when needed, avoid passing private URLs or secrets through examples, and add normal API protections before deploying the Express sample.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill prominently states that internet access is needed for model downloads and includes multiple remote-loading examples, but it does not give a clear privacy warning that user prompts, model identifiers, asset URLs, and metadata may be sent to third-party services such as Hugging Face or jsDelivr. In a security-sensitive agent environment, this omission can cause unintentional disclosure of user data or internal resource locations when operators assume the skill is local-only ML inference.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The image examples pass remote URLs directly into inference calls without warning that doing so triggers outbound network access and reveals the referenced resource location to external infrastructure. If users substitute internal, presigned, or sensitive asset URLs, the skill could facilitate SSRF-like behavior or leak private document/image locations and access tokens embedded in URLs.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The custom `env.fetch` example demonstrates attaching a bearer token to outbound requests but does not warn about secure token storage, host validation, or the risk of sending credentials to unexpected destinations if URLs are influenced by configuration. In agent or server contexts, this can lead to credential leakage to third-party endpoints or logs.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The browser examples load code from a third-party CDN and fetch model assets from external sources, while the Express examples expose an endpoint that accepts arbitrary user text and returns processed results. Even if inference may run locally after download, the documentation omits privacy and trust-boundary warnings, which can mislead adopters into handling sensitive text without understanding that external resources are contacted and server endpoints receive user content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.