Back to skill

Security audit

Meme Cog

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only meme-generation skill that uses a disclosed CellCog API key and dependency, with no hidden code or unsafe behavior found.

Install this if you are comfortable using CellCog for meme generation. Do not include secrets, credentials, confidential business data, regulated data, proprietary code, or private images in prompts or attachments unless CellCog is approved for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill requires a CELLCOG_API_KEY and instructs users to submit prompts through the CellCog client, which strongly implies prompts and task data are sent to an external third-party service. However, the documentation does not clearly warn users that their prompts, attached content, or potentially sensitive workspace-derived task data may leave the local environment, creating a transparency and data-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.