Back to skill

Security audit

Tripo 3d

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Tripo 3D generation skill with expected external processing and a disclosed anonymous quota identifier, but users should understand the proxy and privacy tradeoffs.

Install if you are comfortable sending 3D prompts, public image URLs or file references, task metadata, and an anonymous quota ID to Tripo or the listed proxy. Use your own Tripo API key for direct Tripo routing, avoid confidential designs or private images unless external processing is approved, and delete ~/.tripo-skill-id if you want to reset the free-tier identifier.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README states that, without a Tripo API key, requests are sent through an operator-controlled proxy at skills.vast-internal.com using a shared secret, but it does not clearly disclose the privacy and trust implications of routing user prompts, images, and generated asset metadata through that third party. This can mislead users into sending potentially sensitive content to infrastructure they do not control, increasing the risk of unintended data exposure or misuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill creates a stable identifier and writes it to a dotfile in the user's home directory, enabling cross-session tracking without any visible consent or disclosure in the code path. Even though this appears intended for quota/accounting rather than abuse, persistent identifiers are privacy-sensitive and can enable silent profiling or linkage of activity over time.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This skill transmits user-supplied prompts, image URLs, file references, task IDs, and a user ID to external services (Tripo API and a proxy) without any in-code warning, consent, or minimization. Because prompts and URLs may contain sensitive business data or personal content, silent exfiltration to third parties creates a real privacy and data-governance risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
index.mjs:12