Back to skill

Security audit

Anime Meme Collector

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed meme-collection skill, but it weakens HTTPS checks while automatically persisting public web content for later AI use.

Review before installing. Only use it if you are comfortable with a script contacting public Chinese web platforms and updating a local meme database. Do not enable scheduled updates until TLS verification is restored, and treat the generated database as untrusted trend context rather than authoritative facts or instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The dataset materially exceeds the stated purpose of an anime/ACG meme collector by including unrelated news, investing, anti-rumor messaging, and broad internet phrases. This creates scope creep that can pollute downstream retrieval or triggering logic, causing the skill to surface irrelevant or misleading content and weakening any trust boundary based on the skill’s declared domain.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script globally disables TLS certificate validation by setting check_hostname to false and verify_mode to CERT_NONE, which allows man-in-the-middle attackers to impersonate remote HTTPS endpoints. In this skill, that means an attacker on the network path could tamper with fetched trending data and poison the generated meme database with arbitrary content while the client believes the connection is secure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill advertises automated external fetching and scheduled daily updates, yet the documentation does not prominently warn users that it will perform network access and background execution. This is risky because hidden or insufficiently disclosed background activity can lead to unexpected outbound traffic, persistence, and silent changes to local data over time.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The skill hard-codes Chinese internet sources and a Beijing/Shanghai timezone workflow as the default behavior without any indication of user consent, regional preference, or configurability. This can cause unwanted external data access, locale-specific behavior, and potentially expose users or systems to compliance, privacy, or policy issues when operated in other regions or contexts.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list includes many generic phrases such as common chat slang, gaming terms, and everyday expressions that are not uniquely tied to anime memes. If this list is used for activation, retrieval, or behavior switching, ordinary user input could unintentionally trigger the skill, causing prompt/context injection into unrelated conversations and lowering precision in a way that can be abused.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Disabling TLS verification for outbound requests removes authentication of the remote server and defeats HTTPS protections. Because this script automatically ingests and persists remote content, a network attacker can alter responses and silently inject malicious or misleading entries into local data stores.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.