Security audit

Snapchat Filter Art Generator

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward API-backed image generator; its main risk is that prompts, reference IDs, and the user’s Neta token are sent to the Neta/TalesOfAI service.

Install only if you are comfortable sending your prompt, selected image settings, API token, and any reference image UUID to Neta/TalesOfAI. Avoid confidential prompts or sensitive personal references, and treat command-line tokens as secrets that may appear in shell history or process listings.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill declares only Bash tooling while the documentation clearly indicates outbound network use to the Neta API, but it does not declare that capability or warn users about external data transmission. This can mislead users and reviewers about what the skill does, causing prompts, reference IDs, and tokens to be sent off-platform without informed consent.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger guidance is broad enough that the skill may activate for loosely related requests, increasing the chance of unintended execution and unnecessary data sharing with the external image API. In a tool that takes free-form prompts and an API token, ambiguous invocation boundaries can cause accidental use rather than a precise, user-intended action.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The README instructs users to pass an API token on the command line without warning that credentials are sensitive, which increases the risk of token leakage through shell history, logs, process listings, screenshots, or copied commands. Because the skill also uses an external service, compromise of the token could enable unauthorized API usage or abuse of the user's account/quota.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The script requires a token and sends that token, the user prompt, and optional reference image UUID to a third-party API, but it does not clearly warn users at runtime that their input and credentials will be transmitted off-host. In a skill that may be run by end users or agents on potentially sensitive prompts or reference identifiers, this creates a meaningful privacy and secret-handling risk even though the network behavior is core to the tool’s purpose.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.