Back to skill

Security audit

Ascii Art Creator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent ASCII-art command-line skill; the risky execution findings are confined to optional CI verification helpers, not the advertised install or runtime path.

Installing the ASCII-art tool is reasonable. Use ascii_art.py for normal banner, box, cow, table, and image conversion tasks. Do not run ci/verify_product.py on repositories or skill folders you do not trust unless it is inside a sandbox with no secrets, because that verifier intentionally executes discovered Python self-tests and test files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def has_self_test(fp):
    r = subprocess.run([sys.executable, fp, "self-test"], capture_output=True, text=True, timeout=30)
    return r.returncode == 0 and "PASS" in r.stdout
Confidence
97% confidence
Finding
r = subprocess.run([sys.executable, fp, "self-test"], capture_output=True, text=True, timeout=30)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
all_ok &= axis(False, "frontmatter (no SKILL.md)")
        all_ok &= axis(False, "docs (no SKILL.md)")
    # 3 compiles
    comp_ok = all(subprocess.run([sys.executable, "-m", "py_compile", fp],
                                capture_output=True).returncode == 0 for fp in files)
    all_ok &= axis(comp_ok, "compiles (py_compile all .py)")
    # 4 self-test (any of 3 valid forms)
Confidence
95% confidence
Finding
comp_ok = all(subprocess.run([sys.executable, "-m", "py_compile", fp], capture_output=True).returncode == 0 for fp in files)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
tests = [os.path.join(folder, f) for f in os.listdir(folder)
                 if (f.startswith("test_") or f.endswith("_test.py")) and f.endswith(".py")]
        if tests:
            st_ok = all(subprocess.run([sys.executable, t], capture_output=True, text=True,
                                      timeout=30).returncode == 0 for t in tests)
            st_note = f"{len(tests)} test_*.py"
        elif re.search(r"(?im)^test\s*:", skill_txt):
Confidence
98% confidence
Finding
st_ok = all(subprocess.run([sys.executable, t], capture_output=True, text=True, timeout=30).returncode == 0 for t in tests)

Lp3

Medium
Category
MCP Least Privilege
Confidence
80% confidence
Finding
The skill declares no permissions, yet the associated behavior indicates file-reading and shell execution capabilities. In an agent environment, undeclared execution and filesystem access reduce transparency and can enable unexpected command execution or local data exposure if the skill is invoked automatically or with untrusted inputs.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The documented purpose is simple ASCII-art generation, but the detected behavior expands into repository verification, subprocess execution, CI/self-test runs, source scanning, and deploy-readiness auditing. This mismatch is dangerous because users or orchestrating agents may grant trust based on the benign description while the skill performs broader actions with shell and file access, increasing the risk of unintended execution and data exposure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.