Back to skill

Security audit

Hotdog

Security checks across malware telemetry and agentic risk

Overview

This hot-dog photo game appears purpose-aligned, but it can upload food photos to an external service on broad triggers and exposes a reusable API token in the skill text.

Install only if you are comfortable with selected food photos, model names, classifications, and descriptions being sent to hotdogornot.xyz. Prefer a version that narrows activation to explicit battle requests, asks before uploading, documents retention and sharing, and removes or rotates the embedded API token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill’s manifest and user-facing description present it as a simple image-classification game, but the workflow also uploads the user’s photo, sends the model-generated description to a third-party battle API, and submits a vote. This is a material expansion of data use and external behavior beyond what a user would reasonably expect, creating privacy, consent, and data-governance risk.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill embeds a hard-coded bearer token directly in the markdown command, exposing reusable credentials to anyone with access to the skill file. This can enable unauthorized use of the external API, abuse of the associated account, and makes secret rotation and access control difficult.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases include very broad terms such as 'hotdog' and image/photo-related contexts that may cause the skill to activate unintentionally. In this skill, accidental invocation is more dangerous because activation can lead to external upload of user photos and API interactions without the user clearly intending that data flow.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill sends the user’s image and the model’s generated description to external services, but the markdown shown to users does not warn them that their content will leave the local environment. This lack of disclosure undermines informed consent and can expose sensitive images or derived content to third-party processing and retention.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:32