Back to skill

Security audit

Don't download

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Bria.ai image API skill, but it deserves review because it broadly activates for image requests, uploads images/prompts to Bria, and stores Bria credentials in plaintext for reuse.

Install only if you intend to connect a Bria.ai account and send selected images or prompts to Bria for processing. Avoid using it for private, regulated, or internal-only images unless Bria’s terms and your account settings are acceptable, and protect or remove ~/.bria/credentials when you no longer want this skill to make Bria API calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill embeds substantial shell execution guidance but does not declare corresponding permissions, which weakens platform-level control and transparency around what the skill can do. In practice this can let a broadly-triggered skill run local shell commands that read files, write credentials, and invoke external services without an explicit permission boundary.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The top-level description tells the agent to use this skill for an extremely wide range of image-related requests, including ordinary transformation tasks and 'any visual content creation.' That overbroad trigger increases the chance the skill activates in situations where external API calls, auth flows, and local credential handling are unnecessary or unexpected.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The markdown guidance explicitly states that if the user mentions images, photos, visuals, or any visual content creation, the skill should be used. This is an ambiguous catch-all that can route benign image discussions or local-only editing requests into a workflow that sends data to a remote vendor and performs shell-based auth handling.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation directs callers to send image URLs, base64 image content, and API authentication headers to Bria's external service but does not clearly warn users that their data leaves the local system and is transmitted to a third party. In an image-processing skill, this omission can cause unintended disclosure of sensitive images, internal URLs, or credentials-bearing request metadata, especially when users may assume processing is local or first-party.

External Transmission

Medium
Category
Data Exfiltration
Content
Introspect the bearer token to check billing status and obtain the real API key for Bria API calls:

```bash
INTROSPECT=$(curl -s -X POST "https://engine.prod.bria-api.com/v2/auth/token/introspect" \
  -d "token=$BRIA_ACCESS_TOKEN")
BILLING_STATUS=$(printf '%s' "$INTROSPECT" | sed -n 's/.*"billing_status" *: *"\([^"]*\)".*/\1/p')
if [ "$BILLING_STATUS" = "blocked" ]; then
Confidence
87% confidence
Finding
curl -s -X POST "https://engine.prod.bria-api.com/v2/auth/token/introspect" \ -d

Credential Access

High
Category
Privilege Escalation
Content
## Setup — Authentication

Before making any API call, you need a valid Bria access token.

### Step 1: Check for existing credentials
Confidence
97% confidence
Finding
access token

Session Persistence

Medium
Category
Rogue Agent
Content
if [ -n "$ACCESS_TOKEN" ]; then
    BRIA_ACCESS_TOKEN="$ACCESS_TOKEN"
    REFRESH_TOKEN=$(printf '%s' "$TOKEN_RESPONSE" | sed -n 's/.*"refresh_token" *: *"\([^"]*\)".*/\1/p')
    mkdir -p ~/.bria
    printf 'access_token=%s\nrefresh_token=%s\n' "$BRIA_ACCESS_TOKEN" "$REFRESH_TOKEN" > "$HOME/.bria/credentials"
    echo "AUTHENTICATED"
    break
Confidence
98% confidence
Finding
mkdir -p ~/.bria

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.