Action Figure Skill

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward external AI image generator, but prompts, reference IDs, and the API token are sent to the Neta/TalesOfAI service.

Install only if you trust this publisher and the Neta/TalesOfAI service. Use a revocable, low-privilege API token where possible, avoid sensitive or proprietary prompt content and reference IDs, and prefer safer secret handling over exposing tokens in shell history or process listings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding
The skill advertises Bash usage and an external API token flow, which implies outbound network access, yet no permissions are declared. This weakens user visibility and policy enforcement because the skill can transmit prompts and tokens to external services without an explicit permission boundary.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding
The declared behavior says the skill uses the Neta API, but the analyzed behavior indicates it actually contacts a different service, api.talesofai.com, and supports an undocumented reference-image feature. This is dangerous because users may provide API tokens and sensitive prompts under false assumptions about where data goes and what capabilities are exercised, enabling covert exfiltration or unauthorized third-party processing.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README instructs users to send free-form prompts and optional reference image identifiers to a third-party image-generation API, but it does not clearly warn that this data leaves the local environment and is processed by an external service. This creates a privacy and data-handling risk because users may submit sensitive prompts, proprietary concepts, or linkable image references without informed consent.

Vague Triggers

Medium
Confidence: 78%
Finding
The invocation guidance is overly broad, so the skill may be selected in contexts where users did not clearly intend to send content to an external image-generation service. In a networked, token-using skill, vague trigger boundaries increase the chance of accidental activation and unintended disclosure of prompts or sensitive text.

VirusTotal

64/64 vendors flagged this skill as clean.
