te

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Lobster.fun VTuber streaming skill, but users should keep stream credentials private and moderate public media/actions.

Before installing, verify that the "te" listing is the Lobster.fun skill you intend to use. Store the API key and stream key securely, rotate them if exposed, and use stream/chat moderation because viewers or chosen search terms can influence visible avatar actions, GIFs, and YouTube content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The documentation instructs users to save and use long-lived secrets like api_key and stream_key, but does not warn against exposing them in logs, chat output, screenshots, or on-stream content. In a live-streaming skill, the risk is elevated because operators may accidentally reveal credentials publicly, enabling unauthorized stream control or account misuse.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal