Back to skill

Security audit

avatar-generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed avatar generator that runs a pinned npm package and saves an SVG file, with ordinary npm and file-write caution but no evidence of hidden or malicious behavior.

Install only if you are comfortable with your agent downloading and running the pinned npm package through npx and creating SVG files on disk. Prefer giving an explicit output path and confirm before overwriting existing files, especially in sensitive workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description is overly broad and uses common natural-language triggers like 'generate', 'make', and 'produce an avatar', which increases the chance of accidental invocation in unrelated contexts. Because invocation leads to package execution via npx and file creation, an unintended match can cause unnecessary external code execution and writes without the user's clear intent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to execute an external npm package through npx and to write output to a default path, but it does not clearly warn about the security implications of network package retrieval, third-party code execution, and filesystem writes. In ambiguous cases, this can lead to silent installation/execution of remote code and file creation in the current working directory without sufficiently informed user consent.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The invocation description is broad enough that the skill may trigger on generic avatar-related requests without the user clearly intending to run an `npx`-based tool or write files. In this context, the impact is limited, but overbroad matching can cause unintended package execution and filesystem writes, which increases the attack surface for accidental or unsafe activation.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill writes an SVG to disk, potentially in the current working directory by default, without requiring an explicit user-confirmed output location. While this is not a severe security flaw on its own, implicit file creation can surprise users, clutter workspaces, or overwrite expected locations if path handling is not carefully constrained elsewhere.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.