Back to skill

Security audit

GlucoDNA 广告图生成器

Security checks across malware telemetry and agentic risk

Overview

The skill largely does what it claims, but it packages customer-derived health testimonials and sales/order guidance without clear consent or privacy handling.

Review this skill before installing if you plan to use it in real sales or advertising. Use a dedicated limited Gemini API key, avoid storing broad credentials in TOOLS.md, verify that customer testimonials and voice transcripts were collected and reused with consent, and have health-product claims reviewed for compliance before publishing generated ads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The script is presented as a simple ad generator, but it also searches a workspace documentation file for a Gemini API key and then uses that credential for an outbound API call. This hidden credential access is risky because it expands the script's behavior beyond its stated purpose and may cause users to unknowingly expose secrets to a third-party service.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs collection of personal order information including name, address, phone number, and purchase quantity, but provides no notice about why the data is collected, how it will be stored, who can access it, or how long it will be retained. In a sales workflow involving health-related products, this increases privacy and compliance risk because sensitive purchasing context can be linked to medical concerns.

Missing User Warnings

High
Confidence
97% confidence
Finding
The file states it was built from Facebook Messenger customer conversations and voice messages using automated scraping and speech-to-text, but gives no indication that the customers consented to secondary use, transcription, or inclusion in a reusable knowledge base. Because the source material includes health-related testimonials and potentially identifiable communications, the privacy risk is elevated and may expose sensitive personal data beyond the original conversation context.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The skill explicitly states that generated output will be saved to the Desktop, but it does not present this as a user-facing warning or consent point. This can lead to unexpected file writes in a visible/local filesystem location, which is a transparency and privacy issue even if the written content is only an ad image.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code silently reads credentials from TOOLS.md or the GEMINI_API_KEY environment variable and submits data to Google's API without explicit user consent or clear disclosure. In an agent-skill context, undisclosed secret access plus exfiltration to an external provider is a genuine security concern because users may not realize local secrets are being consumed and transmitted.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.