Back to skill

Security audit

WiseDiag-Calories

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud-based food photo calorie estimator that uploads user-selected images or image URLs to WiseDiag and saves the returned analysis locally.

Install only if you are comfortable sending selected food photos, image URLs, and related question text to WiseDiag cloud servers. Prefer a temporary environment variable or a dedicated secret manager for the API key instead of adding it permanently to shell startup files, and avoid uploading images with private people, documents, locations, or other sensitive background details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
97% confidence
Finding
The skill documentation clearly indicates use of environment variables, network access to WiseDiag cloud servers, and file writes to the local workspace, yet no corresponding permissions are declared. This creates a transparency and policy-enforcement gap: users or the hosting platform may not realize the skill can exfiltrate local image content, consume secrets, and write files, increasing the risk of unintended data disclosure or execution with broader capabilities than expected.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation rules include broad natural-language triggers such as 'or similar requests' around common calorie-estimation phrasing, which can cause the skill to fire on ambiguous user messages. In this skill's context, unintended invocation is more concerning because activation may lead to external transmission of user-provided image URLs or local files to a third-party cloud service, creating avoidable privacy exposure.

Session Persistence

Medium
Category
Rogue Agent
Content
# Temporary (current terminal session)
export WISEDIAG_API_KEY=your_api_key_here

# Permanent (add to ~/.zshrc or ~/.bashrc)
echo 'export WISEDIAG_API_KEY=your_api_key_here' >> ~/.zshrc
source ~/.zshrc
```
Confidence
92% confidence
Finding
add to ~/.zshrc

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.