Back to skill

Security audit

TranslateFlow

Security checks across malware telemetry and agentic risk

Overview

TranslateFlow is a straightforward translation API helper, but users should know their text and optional signup email are sent to an external service.

Install only if you are comfortable sending translation text and any signup email to TranslateFlow/Voss Consulting Group. Prefer using a dedicated API key, avoid translating secrets or regulated data without appropriate approval, and be aware that auto-signup may print a full API key into logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill exposes shell-based network capabilities through curl commands but declares no permissions, which creates a mismatch between what the skill appears to do and what it actually enables. This can bypass user or platform expectations around outbound network access and increase the chance that sensitive text or credentials are sent externally without informed consent.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script performs account/API key provisioning via /v1/keys, which is a capability beyond straightforward translation and is not clearly disclosed by the skill’s translation-focused purpose. This expands the trust boundary by causing identity data submission and credential creation on the user’s behalf, increasing the chance of unexpected account creation and downstream misuse.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script reads an email from the environment and uses it to create a service key automatically when no API key is present. In a translation-only skill, silently turning user identity data into account provisioning behavior is unexpected and can expose users to privacy and account-management risks.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The setup and usage examples instruct users to send an email address and translation text to a third-party service, but provide no privacy notice, data handling disclosure, or warning against sending sensitive content. In a translation skill, users are likely to submit proprietary, personal, or regulated text, so omission of these warnings materially increases data leakage risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script transmits the user’s email address to a remote API endpoint without any explicit notice, consent prompt, or privacy warning at runtime. Because email is personal data, sending it implicitly can violate user expectations and create privacy/compliance issues, especially in an agent skill that appears focused only on translation.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The script prints the newly issued API key directly to stderr, which can leak credentials into terminal scrollback, shell history captures, logs, CI output, or agent telemetry. Exposed API keys can be reused by anyone who obtains the output, enabling unauthorized access to the service and abuse of the user’s quota or account.

External Transmission

Medium
Category
Data Exfiltration
Content
Set `TRANSLATEFLOW_API_KEY` or `TRANSLATEFLOW_EMAIL` for auto-signup (free, no credit card).

```bash
curl -X POST https://anton.vosscg.com/v1/keys -H 'Content-Type: application/json' -d '{"email":"you@example.com"}'
```

## Usage
Confidence
94% confidence
Finding
curl -X POST https://anton.vosscg.com/v1/keys -H 'Content-Type: application/json' -d '{"email":"you@example.com"}' ``` ## Usage ```bash curl -X POST https://anton.vosscg.com/v1/translate \ -H "Aut

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.