Horse Sticker Maker

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its horse sticker and AI blessing purpose, but it under-discloses Google/Gemini API key use and exposes public generation endpoints that could consume the deployer’s quota or billing.

Review before deploying. Use restricted Google/Gemini API keys, add authentication and rate limiting before making the app public, disclose that entered names/text are sent to AI providers, and review Vercel settings rather than relying on the `--yes` production deploy command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises a simple client-side sticker maker but its documented workflow includes deployment and API-backed functionality, while no permissions are declared for network or environment access. This creates a transparency and governance gap: reviewers and users cannot accurately assess what external access the skill requires, which can hide data exfiltration, third-party calls, or secret usage.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The file's stated purpose is a horse-themed animated GIF sticker maker, but the described/projected behavior includes server-side Gemini/Imagen generation, poem creation, and unrelated AI sticker endpoints. This mismatch is dangerous because it can mislead users and security reviewers about what data leaves the client, what third parties are contacted, and what capabilities are actually exercised.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The project structure explicitly references AI-generated blessing pages and AI poem/image generation APIs, contradicting the rest of the file's framing as a straightforward sticker maker. In security terms, inconsistent documentation obscures the true attack surface and can cause reviewers to miss backend endpoints, prompt-handling logic, or external service integrations.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The route takes user-supplied name data and sends it to external Google model endpoints, but there is no indication in this code path of user notice, consent, or minimization. In the context of a sticker-maker skill, users may reasonably expect local rendering; silently transmitting even small personal data to third-party AI services creates a privacy and compliance risk, especially if names are personally identifying.

VirusTotal

65/65 vendors flagged this skill as clean.
