Mistral Agents Orchestrator

Security checks across malware telemetry and agentic risk

Overview

The skill appears functional, but it does more than its Mistral-only description says, including sending child-story content to other providers and storing generated content.

Review before installing. Use it only if you are comfortable with a child-focused story workflow that may use Mistral, ElevenLabs, Tavily, and Gemini, and may persist child names, prompts, stories, audio, and images. Do not provide the optional non-Mistral API keys unless you intentionally want those integrations enabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
A description-behavior mismatch is a real security concern because it can mislead users into granting access or invoking the skill under false assumptions. Here, the skill is presented as a general Mistral orchestration utility, while the referenced behavior suggests broader capabilities including third-party API calls, content generation, caching, and storage, which materially expand data exposure and supply-chain risk.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill materially exceeds its declared purpose of Mistral orchestration by adding audio synthesis, image generation, caching, and database persistence. This capability expansion increases attack surface, data exposure, and operational cost risk, and it makes it harder for users and reviewers to understand what data leaves the system and where it is stored.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The code invokes Gemini-based image generation even though the skill is presented as a Mistral orchestration skill requiring only MISTRAL_API_KEY. Hidden cross-provider behavior sends story content to an additional third party and introduces undisclosed credential use and data flows.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill reads additional third-party credentials, ELEVENLABS_API_KEY and TAVILY_API_KEY, beyond the declared MISTRAL_API_KEY requirement. Undisclosed credential dependencies are dangerous because they enable broader external communication and functionality than users or operators may expect.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The endpoint claims the pipeline runs entirely via Mistral Agents and Conversations API, but the implementation also uses direct chat completion, ElevenLabs, Gemini, cache, and database services. Misleading implementation claims undermine informed consent, security review, and data-governance expectations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
User-supplied story text, child-related content, and search queries are sent to ElevenLabs and Tavily without any visible disclosure or consent mechanism in this code. Because the application targets bedtime stories for children, transmitting that content to external providers is more sensitive than ordinary generic text processing.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code stores child_name, language, generated story content, and cached audio/image data in persistent storage without any visible notice, minimization, retention policy, or access-control discussion. Persistent storage of child-associated content raises privacy and compliance concerns, especially when media caches may be large and long-lived.

VirusTotal

66/66 vendors flagged this skill as clean.