Xpilot Ad Maker

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed ad-generation pipeline that sends media prompts to AI providers and uploads generated assets to the user's Cloudflare R2 storage.

Install only if you are comfortable giving the skill paid AI-provider keys and Cloudflare R2 write access. Use least-privilege keys and a dedicated R2 bucket or prefix, because prompts, narration, images, intermediate clips, and final videos leave the local machine and may be publicly reachable depending on your R2_PUBLIC_URL and bucket policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
`pollImage` accepts any absolute URL and fetches it with the Wavespeed bearer token attached. If an attacker can influence `pollUrl`, this creates a server-side outbound request primitive and may leak the API credential to an arbitrary host via the `Authorization` header. In an agent skill context, this broadens the component from a provider-specific client into a general SSRF-style fetch gadget, which is more dangerous than its stated purpose suggests.
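The fix for this class of bug is to pin the credential to the provider's host before the request is built, so the token can only ever travel to the host it was issued for. The following is an added example, not code from the Xpilot Ad Maker skill: it shows the vulnerable shape the finding describes next to a host-pinned replacement. The provider hostname `api.wavespeed.ai`, the `WAVESPEED_API_KEY` variable and the `ALLOWED_POLL_HOSTS` allowlist are assumptions for illustration; substitute the real values from the skill's configuration.

```javascript
// Added example, not code from the Xpilot Ad Maker skill: a host-pinned
// replacement for the `pollImage` pattern described in the finding.
// Assumptions (hypothetical, adjust to the real provider): the only host that
// should ever see the bearer token is "api.wavespeed.ai", and the token is
// read from WAVESPEED_API_KEY.
const ALLOWED_POLL_HOSTS = new Set(["api.wavespeed.ai"]);

// The shape the finding describes: whatever `pollUrl` contains is fetched with
// the credential attached, so a poisoned pollUrl becomes an SSRF gadget that
// also hands the token to the attacker's host.
function vulnerablePollRequest(pollUrl, token) {
  return {
    url: pollUrl,
    headers: { Authorization: `Bearer ${token}` },
  };
}

// Hardened shape: parse the URL, pin scheme, host and port, reject embedded
// userinfo (https://api.wavespeed.ai@evil.example/ parses to host evil.example),
// and disable redirect following so a 302 cannot re-target the request.
function safePollRequest(pollUrl, token) {
  let u;
  try {
    u = new URL(pollUrl);
  } catch {
    throw new Error(`pollUrl is not an absolute URL: ${String(pollUrl)}`);
  }
  if (u.protocol !== "https:") {
    throw new Error(`refusing non-https pollUrl: ${pollUrl}`);
  }
  if (u.username !== "" || u.password !== "") {
    throw new Error("refusing pollUrl with embedded credentials");
  }
  if (!ALLOWED_POLL_HOSTS.has(u.hostname)) {
    throw new Error(`refusing pollUrl host not on allowlist: ${u.hostname}`);
  }
  if (u.port !== "" && u.port !== "443") {
    throw new Error(`refusing non-standard port: ${u.port}`);
  }
  return {
    url: u.toString(),
    headers: { Authorization: `Bearer ${token}`, Accept: "application/json" },
    redirect: "manual",
  };
}

// Drop-in poller. `fetchImpl` is injectable so the check can be exercised
// without network access; in the skill it would be the global fetch.
async function pollImage(pollUrl, token = process.env.WAVESPEED_API_KEY, fetchImpl = fetch) {
  const req = safePollRequest(pollUrl, token);
  const res = await fetchImpl(req.url, { headers: req.headers, redirect: req.redirect });
  if (res.status >= 300 && res.status < 400) {
    throw new Error(`poll endpoint redirected (${res.status}); not following`);
  }
  if (!res.ok) {
    throw new Error(`poll failed: HTTP ${res.status}`);
  }
  return res.json();
}
```

The allowlist check runs on the parsed `hostname`, not on a string prefix of the raw URL, which is what defeats `api.wavespeed.ai.evil.example` and `api.wavespeed.ai@evil.example`. `redirect: "manual"` matters because a compliant provider endpoint never needs to redirect a poll, while an attacker-controlled one would use a redirect to move the request (and, in some clients, the header) elsewhere.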

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill states that outputs are uploaded to Cloudflare R2 and even provides public R2 URLs for examples, but it does not prominently warn users that generated assets and intermediates may be publicly accessible. If users process sensitive marketing materials, patient-related content, or proprietary brand assets, they may unintentionally expose them through public object storage.
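The overview's advice (a dedicated bucket or prefix, and awareness that R2_PUBLIC_URL makes objects reachable) can be enforced in the upload step rather than left to the user. The following is an added example, not code from the Xpilot Ad Maker skill: it confines every object key to a configured prefix, rejects traversal and percent-encoding tricks, and surfaces the exact public URL the asset will have before anything is uploaded. `R2_PUBLIC_URL` is the skill's own variable; the `R2_PREFIX` setting, the `planUpload` and `uploadPlanOrThrow` functions and the `allowPublic` flag are hypothetical names introduced for illustration.

```javascript
// Added example, not code from the Xpilot Ad Maker skill: confine every upload
// to a dedicated prefix and make the resulting public URL explicit before
// anything leaves the machine. R2_PUBLIC_URL is the skill's own variable; the
// R2_PREFIX name and the functions below are hypothetical additions.
function planUpload(requestedKey, { prefix, publicUrl }) {
  if (typeof requestedKey !== "string" || requestedKey === "") {
    throw new Error("object key must be a non-empty string");
  }
  let key;
  try {
    key = decodeURIComponent(requestedKey); // normalise %2e%2e and friends
  } catch {
    throw new Error(`malformed percent-encoding in key: ${requestedKey}`);
  }
  if (key.includes("\\") || key.includes("\0")) {
    throw new Error("object key contains backslash or NUL");
  }
  const segments = key.split("/");
  if (segments.some((s) => s === "" || s === "." || s === "..")) {
    throw new Error(`object key has empty, "." or ".." segment: ${requestedKey}`);
  }
  const cleanPrefix = (prefix ?? "").replace(/^\/+|\/+$/g, "");
  if (cleanPrefix === "") {
    throw new Error("a dedicated R2_PREFIX is required so keys cannot land at the bucket root");
  }
  const finalKey = `${cleanPrefix}/${segments.join("/")}`;

  // If a public base URL is configured, the object is assumed reachable there
  // without authentication. Even without it the bucket policy may still be
  // public, which this code cannot see, so treat null as "unknown", not "private".
  let url = null;
  const warnings = [];
  if (publicUrl) {
    const base = publicUrl.endsWith("/") ? publicUrl : `${publicUrl}/`;
    url = new URL(finalKey, base).toString();
    warnings.push(`upload will be reachable without authentication at ${url}`);
  }
  return { key: finalKey, publicUrl: url, warnings };
}

// Typical use inside an upload step: refuse to proceed unless the caller has
// acknowledged public exposure (hypothetical `allowPublic` flag).
function uploadPlanOrThrow(requestedKey, cfg, { allowPublic = false } = {}) {
  const plan = planUpload(requestedKey, cfg);
  if (plan.publicUrl && !allowPublic) {
    throw new Error(`${plan.warnings.join("; ")}; pass allowPublic to continue`);
  }
  return plan;
}
```

Pairing the prefix with an R2 API token scoped to that prefix (or to a dedicated bucket) means a bug or a prompt-injected key in the skill can at worst overwrite its own outputs, not other objects in the account, and the returned `publicUrl` is what a prominent warning to the user should quote.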

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
  // Community models require version-based predictions endpoint.
  const KOKORO_VERSION =
    "f559560eb822dc509045f3921a1921234918b91739db4bf3daab2169b71c7a13";
  const res = await fetch("https://api.replicate.com/v1/predictions", {
    method: "POST",
    headers: {
      Authorization: `Token ${REPLICATE_KEY}`,
Confidence: 84%
Finding: matched outbound call fetch("https://api.replicate.com/v1/predictions", { method: "POST" ... }), a POST that carries REPLICATE_KEY in the Authorization header. This is the disclosed provider call described in the overview, so the finding documents where prompt data and the Replicate credential leave the machine rather than an undisclosed channel.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
  // Community models require version-based predictions endpoint.
  const KOKORO_VERSION =
    "f559560eb822dc509045f3921a1921234918b91739db4bf3daab2169b71c7a13";
  const res = await fetch("https://api.replicate.com/v1/predictions", {
    method: "POST",
    headers: {
      Authorization: `Token ${REPLICATE_KEY}`,
Confidence: 84%
Finding: external transmission to https://api.replicate.com/ (the Replicate predictions endpoint pinned to the KOKORO_VERSION community model in the same snippet as the previous finding).

VirusTotal

66/66 vendors flagged this skill as clean.
