Stability AI

Security checks across malware telemetry and agentic risk

Overview

The skill's one documented action generates audio and uploads the result, while its manifest frames the skill as a read/search connector. Review those side effects before installing.

Install only if you expect this skill to generate audio and place the resulting file in connector transit storage. Before using `text_to_audio`, confirm the exact text, the voice/settings, the cost or quota impact, and where the uploaded artifact will be stored and when it expires.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The manifest and description frame the skill as suitable for 'searching and reading data,' but the documented action performs content generation and uploads the result to connector transit storage. This mismatch can mislead an agent or reviewer into treating the skill as read-only, reducing scrutiny and increasing the chance that a state-changing or cost-incurring action is run without proper user confirmation.

Intent-Code Divergence

Severity: Low
Confidence: 81%
Finding
The safety section discusses create/update/send/post actions only in general terms, yet the single documented action generates content and uploads a file while the skill is otherwise framed as read/search oriented. That inconsistency can lead operators to underestimate side effects such as storage writes, billing usage, or unintended content generation.
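Both findings above describe the same gap: a manifest framed as read/search while the tool it ships performs generation and an upload. The following is an added example, not code from SkillSpector, NVIDIA or the skill's author, of a small linter that reproduces that check and derives the pre-use confirmation list from the overview. The keyword lists, the `Finding` shape and the sample manifest are all constructed for this example; the manifest is modelled on the report's wording and is not the real skill's file.

```python
import re
from dataclasses import dataclass

# Hypothetical keyword stems (constructed for this example; tune per registry).
# Side-effect stem -> category an agent should surface before running the tool.
SIDE_EFFECT_STEMS = {
    "generat": "generation (billing/quota)",
    "synthesi": "generation (billing/quota)",
    "upload": "external write (storage)",
    "stor": "external write (storage)",
    "creat": "state change",
    "updat": "state change",
    "delet": "state change",
    "send": "egress (send/post)",
    "post": "egress (send/post)",
}
# Stems that make a manifest read as a read/search connector. Prefix matching is a
# heuristic ("ready" matches "read"); it is a triage aid, not a proof of safety.
READ_ONLY_STEMS = ("search", "read", "list", "lookup", "query", "fetch")


def _words(text: str) -> list[str]:
    return re.findall(r"[a-z]+", text.lower())


def _has(words: list[str], stems) -> bool:
    return any(w.startswith(s) for w in words for s in stems)


def side_effects(description: str) -> set[str]:
    """Side-effect categories implied by a tool's own description."""
    words = _words(description)
    return {cat for stem, cat in SIDE_EFFECT_STEMS.items() if _has(words, (stem,))}


def claims_read_only(framing: str) -> bool:
    """True when the manifest-level description reads as a read/search connector."""
    words = _words(framing)
    return _has(words, READ_ONLY_STEMS) and not _has(words, SIDE_EFFECT_STEMS)


@dataclass(frozen=True)
class Finding:
    tool: str
    severity: str
    title: str
    detail: str


def lint_manifest(manifest: dict) -> list[Finding]:
    """Flag every tool whose documented behaviour contradicts a read-only framing."""
    findings = []
    read_only = claims_read_only(manifest["description"])
    for tool in manifest["tools"]:
        effects = side_effects(tool["description"])
        if read_only and effects:
            findings.append(Finding(
                tool["name"], "Medium", "Description-Behavior Mismatch",
                f"manifest framed as read/search but {tool['name']} implies: "
                + ", ".join(sorted(effects)),
            ))
    return findings


def confirmation_checklist(tool: dict) -> list[str]:
    """What a user should confirm before an agent invokes a side-effecting tool."""
    effects = side_effects(tool["description"])
    items: list[str] = []
    if any("generation" in e for e in effects):
        items += ["exact input text", "voice/model settings", "cost or quota impact"]
    if any("write" in e for e in effects):
        items += ["where the artifact is stored", "when it expires and who can read it"]
    if any(e.startswith(("egress", "state change")) for e in effects):
        items += ["destination and recipients", "whether the action is reversible"]
    return items


# Constructed manifest modelled on the report's wording (hypothetical, not the real skill's file).
SAMPLE_MANIFEST = {
    "name": "stability-ai",
    "description": "Connector for searching and reading data.",
    "tools": [
        {
            "name": "text_to_audio",
            "description": "Generate audio from text and upload the result "
                           "to connector transit storage.",
        },
    ],
}

if __name__ == "__main__":
    for f in lint_manifest(SAMPLE_MANIFEST):
        print(f"[{f.severity}] {f.title}: {f.detail}")
    print("confirm before use:", confirmation_checklist(SAMPLE_MANIFEST["tools"][0]))
```

The linter only trusts the framing when no tool contradicts it; an agent wrapper that gates invocation on `confirmation_checklist` being shown to the user is the practical fix for the "reduced scrutiny" risk the finding describes.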

VirusTotal

64/64 vendors reported this skill as clean (0 detections).