Barbie Style Generator

Security checks across malware telemetry and agentic risk

Overview

This is a small image-generation skill that sends prompts and a user-supplied Neta token to an external API, with no evidence of hidden persistence or unrelated access.

Install only if you are comfortable sending prompts, optional reference image UUIDs, and a Neta API token to api.talesofai.com. Use a dedicated low-scope token if available, avoid sensitive personal data in prompts, and prefer an environment variable or short-lived token over typing a long-lived secret directly into command history.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 83% confidence
Finding: The skill declares only Bash tooling while analysis indicates network capability, yet there is no explicit permission declaration warning users that prompts, tokens, and possibly reference identifiers will be sent off-platform. This creates a transparency and consent problem and can lead to unintended data exposure when the skill is invoked in environments that rely on declared permissions for trust decisions.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 94% confidence
Finding: The documented behavior says the skill uses the Neta API, but static analysis reports that it actually contacts api.talesofai.com and supports reference-asset inheritance not fully disclosed in the description. That mismatch is dangerous because users may provide API tokens or proprietary prompts under false assumptions about the recipient and processing of their data, increasing the risk of credential misuse, privacy violations, and deceptive exfiltration to an unexpected third party.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal