Surreal Art Generator

Security checks across malware telemetry and agentic risk

Overview

This is a small image-generation skill that sends user prompts and a supplied Neta/TalesOfAI token to a disclosed remote image API, with no hidden local access or persistence found.

Install only if you are comfortable sending your prompt, optional reference UUID, and Neta/TalesOfAI token to the remote image service. Use a limited token, avoid confidential prompts, and prefer expanding the token from a protected environment variable instead of typing the literal secret into shared shells or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill declares only the Bash tool while the documented behavior requires outbound network access to a third-party API, creating a capability/permission mismatch. This can mislead reviewers and users about what the skill can do, reducing transparency and making unauthorized external data transfer or token use harder to audit.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding:
The skill description says it uses the Neta API, but the analyzed behavior indicates it actually calls a different service, api.talesofai.com, and supports reference-based image generation beyond the stated description. This kind of description-behavior mismatch is dangerous because it can conceal third-party data flows, cause users to send tokens or prompts to an unexpected provider, and undermine informed consent and security review.

Description-Behavior Mismatch

Severity: Medium
Confidence: 98%
Finding:
The skill metadata and user-facing description claim it uses the Neta AI API, but the code actually sends prompts and authentication material to api.talesofai.com. This is dangerous because it deceives users about where their data and token are being transmitted, defeating informed consent and potentially enabling credential harvesting or unauthorized third-party data sharing.

Intent-Code Divergence

Severity: Medium
Confidence: 99%
Finding:
The code instructs the user to obtain a token from neta.art while the token is then sent in the x-token header to Tales of AI endpoints. This cross-service token collection pattern strongly suggests credential misdirection, where a token acquired for one service is repurposed or exfiltrated to another undisclosed service.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The README explicitly instructs users to send both their text prompts and an API token to a third-party image-generation service, but it does not clearly warn that this involves external network transmission and disclosure of user-provided content to that service. In an agent/skill ecosystem, users may assume local-only processing unless told otherwise, so the lack of an explicit data-sharing notice can lead to accidental exposure of sensitive prompts or credentials to an external provider.

VirusTotal

66/66 vendors flagged this skill as clean.
