Back to skill

Security audit

Demo Precacher

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it makes real AI and voice API calls and stores generated child-themed demo content in an external database with incomplete scoping and cleanup guidance.

Install only if you intentionally want a demo seeding tool that makes live Mistral, ElevenLabs, optional Gemini, and Turso calls. Before running it, set a verified Turso endpoint in code, use limited demo-only API keys, avoid real child or personal data, review provider terms and costs, and plan how to delete cached story/audio rows after the presentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The skill's stated purpose is benign, but the described behavior goes beyond that scope by generating additional content types, writing data to a Turso database, and failing to perform the advertised verification and coverage reporting. This mismatch is dangerous because users may grant API keys and network access under false assumptions, increasing the chance of unintended data processing, cost incurrence, or persistence of sensitive/demo content in external systems.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The implementation materially exceeds the declared purpose of 'precache demo content before live presentations' by generating new stories, audio, SFX, and potentially images, then storing them in the database. This scope drift increases attack surface, privacy exposure, cost, and operational risk because the skill is no longer just warming known demo endpoints but creating and persisting novel content through multiple external services.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The image-generation path is unrelated to the stated task of pre-hitting demo endpoints and verifying playback, yet it introduces another external model provider, another API key, and another data egress path. Unnecessary capability expansion is dangerous because it broadens the skill's permissions and external dependencies without a clear business need.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script sends child-related prompts, names, language preferences, and generated story content to third-party AI/TTS providers without any user-facing notice, consent, or data-minimization controls. Even if the sample data is for a demo, this pattern can expose sensitive or personal context to external vendors and create compliance and trust issues.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.