Back to skill

Security audit

Recraft AI

Security checks across malware telemetry and agentic risk

Overview

This Recraft skill is a straightforward Recraft API helper that sends user-provided prompts/images to Recraft and saves returned images, with a documented optional account-info command.

Install only if you are comfortable providing a Recraft API token and sending selected prompts and images to Recraft for processing. Avoid sensitive or regulated images unless that external sharing is permitted, choose output filenames deliberately, and run user-info only when you want your Recraft account details printed in the local command output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation indicates access to environment variables, network communication, and file writing, but it does not declare explicit permissions for those capabilities. In an agent ecosystem, missing permission declarations weaken user awareness and policy enforcement, especially because the skill uses an API token and writes output files. The context makes this moderately dangerous because those capabilities are expected for image generation, but they still need to be transparently declared.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill claims to perform image-generation and transformation tasks, but it also exposes a user-info command that retrieves account metadata such as ID, name, email, and credits. That is a real scope mismatch: an agent or user may invoke the skill expecting only media processing while it also accesses personally identifiable and account data. In this context, the mismatch increases risk because the undeclared behavior involves sensitive remote account information rather than merely operational metadata.

Description-Behavior Mismatch

Low
Confidence
84% confidence
Finding
The documented scope omits that the skill can retrieve user/account information, even though the command is explicitly listed. Incomplete scope disclosure can mislead users and higher-level agents about what data the skill can access, enabling unnecessary exposure of account details. The danger is lower than TP4 because this is primarily a documentation and transparency issue, but it still matters for trust and safe delegation.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script implements a `user-info` command that retrieves account information (`/users/me`) including name, email, and credits, but the declared skill description only advertises image generation/editing capabilities. This is a transparency and consent issue: users may invoke or install the skill expecting image processing only, while it also has the ability to access and display account data from the connected service.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill does not warn that prompts and uploaded images are sent to the external Recraft API, which can expose sensitive text or image content to a third party. This is a genuine privacy and data-handling issue because users may assume local-only processing when invoking a skill from an agent environment. The context makes it more significant because image inputs can contain personal, proprietary, or regulated data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.