Security audit

Pet To Human Generator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-built image-generation skill that uses a third-party API, with privacy and token-handling documentation gaps but no evidence of deception, persistence, or unrelated access.

Install only if you are comfortable sending image prompts and optional reference identifiers to the Neta/TalesOfAI service. Avoid putting sensitive personal details in prompts, prefer an environment variable or secret manager for the API token instead of a command-line flag, and confirm the agent asks before making external requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill declares only `tools: Bash` while the documented behavior clearly requires outbound network access to the Neta API. Hidden or undeclared network capability weakens permission transparency, making it harder for reviewers and users to understand what external communication and data sharing will occur, especially if prompts or images are sent off-platform.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The README explicitly instructs users to send free-form prompts and an API token to a third-party image-generation service, but it does not warn that prompt contents, reference IDs, and authentication material are being transmitted off-platform. This is dangerous because users may unknowingly submit sensitive personal data in prompts or mishandle tokens, creating privacy, retention, and account-misuse risks.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The activation guidance is broad enough that the skill may trigger on a wide range of ordinary image-generation requests involving pets and humans. Over-broad trigger criteria can cause unintended execution of a networked skill, increasing accidental data disclosure to a third-party API and reducing user control over when the tool is invoked.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill sends the user's prompt and optional reference identifier to a third-party API without any in-code disclosure, consent flow, or warning that user-supplied content leaves the local environment. In an agent-skill context, this is a real privacy and transparency issue because users may reasonably assume their input is processed locally unless explicitly told otherwise.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The script accepts an API token via a command-line flag and transmits it in a request header, but provides no warning that command-line arguments may be exposed via shell history, process listings, logs, or orchestration tooling. This creates a credential-handling weakness even though TLS is used for transport.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.