Back to skill

Security audit

Piccc AI Skills

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Piccc AI media-generation skill that stores a Piccc API key locally and writes generated files, both matching its stated purpose.

Install this only if you want your agent to access your Piccc AI account and create media tasks that may consume credits. After login, a local API key is saved; use the provided logout command or rotate the key in Piccc AI if needed, and download outputs into a dedicated folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README states that an API key will be automatically created and stored locally, but it does not clearly warn where it is stored, how it is protected, or the security implications of persistence on disk. Persisted credentials can be exposed through weak filesystem permissions, backups, shared machines, or accidental inclusion in logs and archives, especially in agent-based environments where users may not realize a secret is being retained.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
#!/usr/bin/env node
import { chmod, mkdir, readFile, rename, rm, writeFile } from 'node:fs/promises'
import { homedir } from 'node:os'
import { dirname, extname, join } from 'node:path'
Confidence
84% confidence
Finding
rm, writeFile } from 'node:fs/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal (+1 more)

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
test/skills.test.mjs:232

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/piccc.mjs:114

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
test/skills.test.mjs:50

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
scripts/piccc.mjs:486