Back to skill

Security audit

3D Maker Companion

Security checks across malware telemetry and agentic risk

Overview

This is a Meshy.ai maker workflow helper with disclosed API-key and network use, but users should handle the local plaintext .env key carefully.

Install only if you intend to use Meshy.ai and are comfortable sending prompts or image URLs to Meshy with your API key. Prefer setting MESHY_API_KEY in your environment instead of saving it with set-key; if you do save it, make sure the .env file is not shared or committed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares no permissions, but its metadata and instructions indicate capabilities to access environment variables, install packages, make external network calls to Meshy, and read/write local credential material via a .env workflow. This is a real security issue because users and policy engines are not given accurate notice of the skill's effective privileges, which can lead to unexpected secret handling and outbound data transfer.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The stated description presents the skill as a general maker/design assistant, but the content reveals operational behavior involving credential storage, credential retrieval from .env/environment, and direct calls to a third-party cloud API. That mismatch is dangerous because users may invoke the skill for design help without realizing it can persist secrets locally and transmit data externally, increasing the risk of credential exposure and unintended data egress.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The set_key function writes the API key in plaintext to a local .env file with no pre-write warning, permission hardening, or validation of whether the file may be accessible to other users or accidentally committed to source control. This can expose the credential through local file disclosure, backups, or repository leaks.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.