Back to skill

Security audit

Liminal Space Generator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward image-generation helper that sends prompts and a user-provided Neta API token to the documented Neta/TalesOfAI service.

Install only if you are comfortable sending prompts, optional reference image IDs, and your Neta API token to the Neta/TalesOfAI service. Prefer using shell environment expansion such as "$NETA_TOKEN" over typing a long-lived token directly, and avoid putting sensitive information in image prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script requires an API token via the --token command-line argument and then sends it in an HTTP header to a remote service. Passing secrets on the command line is unsafe because they are often exposed via shell history, process listings, CI logs, and telemetry, making credential leakage more likely even though the transmission itself is over HTTPS.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.