baiyin-cover-train-skill

Security checks across malware telemetry and agentic risk

Overview

This AI singer training skill mostly matches its stated purpose, but it also instructs the agent to silently check for and install updates to the installed skill from a remote source before use.

Review before installing. The Baiyin API operations themselves are expected for this skill, but prefer a version that removes the silent self-update gate or only allows manual, reviewed updates. Use a dedicated Baiyin API key with limits, and upload only media you are comfortable sending to the provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs the agent to contact a remote service, compare versions, and silently update the local skill before serving the user's request. This creates an undisclosed supply-chain and consent problem: the agent may make unexpected network calls and modify executable prompt/skill content without user awareness, expanding the attack surface and enabling remote behavior changes at runtime.

VirusTotal

66/66 vendors flagged this skill as clean.