Back to skill

Security audit

Straker Verify - AI Translation & Human Review

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Straker translation skill that uses a Straker API key and sends selected text or files to Straker for translation-related services.

Install only if you are comfortable sending chosen text, files, and project metadata to Straker Verify. Do not submit secrets, regulated data, or confidential customer documents unless your organization approves Straker for that use, and keep the API key protected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
90% confidence
Finding
The README tells users to configure an API key for a third-party translation service but does not clearly disclose that skill input may be transmitted off-platform to that external provider. In a translation skill, sending user-provided text externally is expected, but failing to warn users creates a privacy and data-handling transparency issue, especially if users may submit sensitive content.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.