Security audit

deepL Translate

Security checks across malware telemetry and agentic risk

Overview

This DeepL API skill is coherent and disclosed; it sends selected text or documents to DeepL for translation but does not show hidden or unrelated behavior.

Install this only if you are comfortable sending selected text, documents, and glossary entries to DeepL using your API key. Avoid submitting secrets or regulated data unless authorized, consider a dedicated DeepL API key, and double-check glossary IDs before update or delete commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The reference describes authenticated requests and file/text upload endpoints without clearly warning that user-provided content and API credentials are sent to a third-party service. In a skill context, this omission can mislead users or downstream agents into transmitting sensitive text or documents externally without informed consent or data-handling checks.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.