Smart Meme Generator

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says, but it uses a shared hardcoded Imgflip account and sends user captions to a third-party service with incomplete disclosure.

Install only if you are comfortable with meme captions or topics being sent to Imgflip. Prefer configuring your own Imgflip credentials through environment variables, avoid sensitive or private text in prompts, and treat the bundled shared account as a convenience with privacy and reliability tradeoffs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (9)

Tainted flow: 'req' from os.environ.get (line 103, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
)
    
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            result = json.loads(resp.read())
            if result.get("success"):
                return result["data"]["url"]
Confidence
99% confidence
Finding
with urllib.request.urlopen(req, timeout=15) as resp:

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill advertises executable commands that use environment variables and make outbound network requests, but no permissions are declared. This weakens platform-level transparency and control, making it easier for the skill to access sensitive runtime context or transmit user content without clear review boundaries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill description materially understates what the skill does: it sends content to a third-party API, relies on account credentials, and claims AI caption generation that is actually delegated to the agent/user. This mismatch can mislead users and reviewers into approving or invoking the skill without understanding the privacy, billing, and trust implications.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The module documentation claims no API key is required, but the implementation actually uses account credentials and even embeds defaults. This mismatch can mislead operators into approving or running the skill without understanding that third-party authentication and outbound data sharing occur.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill accesses environment secrets and also contains embedded third-party account credentials not justified by the described behavior. In an agent setting, unnecessary secret access expands the trust boundary and can enable unintended credential exposure or unauthorized use of external accounts.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The invocation language is broad enough to match many generic requests for jokes, reaction images, or social content, increasing the chance the skill is triggered in contexts where users did not intend external image generation or data sharing. Over-broad routing raises the risk of unnecessary third-party transmission and unexpected tool execution.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to send captions/topics to Imgflip but does not clearly warn that user-provided text will be transmitted to an external service. This creates a privacy and consent problem, especially if users include sensitive, personal, or proprietary content in prompts or captions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Referencing a bundled or shared Imgflip account without clear warnings introduces credential-handling and accountability risks. Shared credentials can be abused, rotated unexpectedly, rate-limited, or expose one user's content/actions to another account context, making both misuse and privacy incidents more likely.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
User-provided captions and account credentials are sent to Imgflip, but the script gives no clear warning that prompt content leaves the local environment. In agent workflows, users may unknowingly include sensitive or proprietary content, creating privacy and compliance risk when that data is transmitted to a third party.

VirusTotal

66/66 vendors flagged this skill as clean.
