Back to skill

Security audit

Chibi Gen Skill

Security checks across malware telemetry and agentic risk

Overview

This is a simple user-run image generator that sends prompts and a user-provided Neta/TalesOfAI token to the documented image API, with credential-handling caveats but no hidden persistence or destructive behavior.

Install only if you are comfortable sending your prompts and Neta/TalesOfAI API token to api.talesofai.com. Use a dedicated or low-privilege token, avoid putting secrets directly in shell history or CI logs, and do not include confidential information in prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill documentation declares only a Bash tool and does not disclose that the implementation requires outbound network access. Hidden or undeclared network capability is security-relevant because users and policy engines may approve the skill under an incomplete understanding of what it can do, enabling unexpected external data transfer or API calls. In this context, the skill’s stated purpose does involve contacting an image-generation service, so the risk is somewhat reduced, but the lack of explicit permission declaration still weakens transparency and reviewability.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill claims to use the Neta AI API, but the finding indicates the implementation actually contacts a different service (talesofai.com) and supports additional reference/edit behavior not disclosed in the description. This mismatch is dangerous because it can mislead users into sending prompts, tokens, or image references to an unexpected third party, undermining informed consent, supply-chain trust, and security review; undisclosed reference-image inheritance also broadens the data exposure surface. The context makes this more serious because the skill explicitly instructs users to provide an API token, so a backend mismatch could result in credential misuse or unintended sharing of sensitive content.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill metadata claims it uses the Neta AI API, but the implementation actually sends prompts and credentials to talesofai.com. This mismatch is security-relevant because users may consent to one provider while their data is transmitted to another, undermining informed trust and potentially exposing prompts or tokens to an unexpected third party.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README explicitly instructs users to pass an API token on the command line, which can expose the credential through shell history, process listings, CI logs, and system monitoring tools. While this is documentation rather than executable code, it normalizes an insecure secret-handling pattern that can lead to token theft and unauthorized API usage.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
Accepting an API token via command-line argument is risky because CLI arguments are often exposed through shell history, process listings, logging, or job runners. The code then forwards that token in request headers to an external service without any warning or safer handling mechanism, increasing the chance of accidental credential leakage.

External Transmission

Medium
Category
Data Exfiltration
Content
// --- Submit job ---
async function main() {
  const makeRes = await fetch("https://api.talesofai.com/v3/make_image", {
    method: "POST",
    headers,
    body: JSON.stringify(body),
Confidence
90% confidence
Finding
fetch("https://api.talesofai.com/v3/make_image", { method: "POST"

External Transmission

Medium
Category
Data Exfiltration
Content
// --- Submit job ---
async function main() {
  const makeRes = await fetch("https://api.talesofai.com/v3/make_image", {
    method: "POST",
    headers,
    body: JSON.stringify(body),
Confidence
90% confidence
Finding
https://api.talesofai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
await new Promise((r) => setTimeout(r, 2000));

    const pollRes = await fetch(
      `https://api.talesofai.com/v1/artifact/task/${taskUuid}`,
      { headers }
    );
Confidence
84% confidence
Finding
https://api.talesofai.com/

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.