Security audit

Agent Selfie

Security checks across malware telemetry and agentic risk

Overview

This is a coherent avatar-generation skill that uses a SkillBoss API key and external image API, with some privacy and automation cautions but no evidence of malicious behavior.

Install only if you trust SkillBoss API Hub with your image prompts and API key. Avoid putting secrets, private personal details, or confidential branding data in personality fields, and require confirmation before any workflow updates public Discord, Twitter/X, or AgentGram avatars.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 94%
Finding
The heartbeat explicitly allows updating Discord/Twitter/AgentGram avatars based on an internal quality judgment, but it does not require user consent, confirmation, or account-scoped authorization checks before making external account changes. In an autonomous agent context, this can cause unintended modifications to public-facing identities and third-party accounts, which is especially risky because the action is triggered as part of a periodic workflow rather than a one-off user request.

Missing User Warnings

Medium
Confidence: 91%
Finding
The installation guide instructs users to export a sensitive API key and persist it in shell startup files, but provides no warning about the security implications of storing long-lived secrets in plaintext configuration files. This increases the chance of accidental disclosure through dotfile syncing, backups, shared accounts, screenshots, or support logs, especially because the skill directly depends on a third-party API credential.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README advertises personality-driven image generation but does not clearly disclose that user-provided personality data may be transmitted to an external image-generation service via SkillBoss API Hub. This creates a privacy and informed-consent issue because users may supply names, traits, or other sensitive profile details without realizing the data leaves the local environment.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation describes image generation through SkillBoss API Hub but does not clearly warn that user-supplied personality, style, vibe, and related prompt content are sent to a third-party service. Because these prompts may contain sensitive identity, branding, or personal data, the lack of disclosure can mislead users into sharing content they did not expect to leave the local environment.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script sends a prompt containing user-supplied personality fields such as name, style, and vibe to a third-party service, but it does not clearly warn the user that this content will leave the local machine. If operators place sensitive or identifying data in the personality JSON, that information is disclosed externally by design, creating a privacy and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.
