Back to skill

Security audit

Sticker Generator Cellcog

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward CellCog sticker-generation guide, with user-directed photo upload examples that deserve privacy care but do not show hidden or unsafe behavior.

Before using photo-based prompts, only upload images you have permission to use and are comfortable sending to CellCog. For purely original characters, emoji sets, and brand mascots, the skill’s behavior is proportionate to its stated purpose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly encourages users to upload personal, pet, self-portrait, and team photos to a third-party AI service without any privacy, consent, retention, or sensitive-data warning. This can lead to unauthorized sharing of biometric or personal data, especially for team/group photos where all depicted individuals may not have consented.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.