Seisoai

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Seisoai media-generation skill, but it can use paid credentials or x402 payments and exposes identity-sensitive media tools without enough built-in user safeguards.

Review before installing. Use a dedicated Seisoai key or wallet with strict spending limits, require explicit confirmation before any paid job, check pricing first, and only use face-swap or voice-cloning tools with clear authorization from the people involved.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill advertises face-swap and voice-cloning capabilities as normal tool options without any consent, identity, or misuse warning. In a media-generation gateway used by agents, this increases the risk of non-consensual impersonation, deception, and privacy abuse because the model is given operational guidance but no policy guardrails for sensitive biometric-like transformations.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill instructs agents to use API keys and x402 payment flows, including retry/payment behavior, but does not warn that these actions may consume credits, trigger billing, or use sensitive credentials. In an autonomous agent setting, this can lead to unintended charges, unsafe credential handling, or unreviewed payment attempts if the agent follows the workflow automatically.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal