Back to skill

Security audit

xAI

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward xAI/Grok API wrapper that sends user-requested prompts, image files, and X search queries to xAI when invoked.

Install only if you are comfortable sending prompts, X search queries, and any image files you choose to analyze to xAI under your API key. Use a dedicated xAI key if possible, monitor usage or billing, and verify the intended release because the bundled version metadata is inconsistent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill description and manifest overstate supported capabilities and omit some actual behaviors, including alternate credential-loading behavior and model/listing operations. Security reviews and users rely on accurate declarations to understand what a skill can access and do; mismatches can hide data flows such as reading local config secrets or making unexpected network calls.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Broad triggers like `grok` and `xai` can activate on ordinary conversation rather than an intentional tool invocation. That can cause unplanned external API calls and transmission of user prompts or attached content to a third-party service, which is a real security and privacy concern for a chat-integrated skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends user prompts and, when used, full image contents to the external xAI API, but it does not provide any explicit disclosure, confirmation, or guardrail before transmitting potentially sensitive local data off-host. In this skill context, that behavior is core functionality rather than malicious, but it is still a real privacy/security issue because users may unknowingly submit secrets, personal data, or proprietary images to a third-party service.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
84% confidence
Finding
The trigger `ask grok` overlaps with a built-in `ask` command namespace, creating ambiguity about which handler runs. Command-shadowing can redirect user intent to this external-network skill, leading to unintended data disclosure, incorrect execution paths, or bypass of expected platform behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.