Sticker Cog

Security checks across malware telemetry and agentic risk

Overview

This is a coherent CellCog sticker-generation skill that uses an expected API key and user-provided prompts or images for its stated purpose.

Install only if you are comfortable using CellCog for the prompts, reference photos, mascot images, pet images, or brand assets you submit. Avoid uploading confidential, regulated, or highly personal images unless CellCog's privacy and retention terms are acceptable to you, and keep the API key protected.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to install and authenticate with an external CellCog service via API key, and throughout the document encourages sending prompts, uploaded photos, mascot images, pet images, and other user content to that service. However, it does not disclose that these inputs may leave the local environment and be transmitted to a third-party provider, which creates a real privacy and data-handling risk—especially because users may upload personal photos or proprietary brand assets.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal