Back to skill

Security audit

Ace Banana2 Image Generation / Ace Banana2 图像生成

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: generate or edit images through AceData while saving results locally and storing the user's API token for reuse.

Install only if you are comfortable sending prompts and selected images to AceData. Keep the .env file private, avoid using sensitive images, and rotate or delete the API key if the skill directory is shared, backed up, or committed to source control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation indicates capabilities to read local files, write files, access environment-like secrets, and make network requests, but it does not declare permissions. This is dangerous because users and the platform cannot accurately assess or gate the skill's access, especially since it persists credentials and writes outputs to the Desktop while communicating with a remote API.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose understates materially sensitive behaviors: accepting remote image URLs, persisting the API key to a local .env file, and downloading/saving files to the user's Desktop. This mismatch is dangerous because it can lead users to authorize a skill for simple image generation without realizing it also stores secrets locally and performs broader file/network operations than implied.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Saving the Bearer Token in a local .env file creates a persistent secret on disk without an explicit warning about theft, accidental inclusion in backups/repositories, or exposure to other local processes/users. In the context of a network-enabled skill that uses paid API access, leaked tokens can enable unauthorized API use, billing abuse, and access to the user's service account.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
When --api_key is supplied, the script silently persists the bearer token to a .env file on disk. This creates unnecessary credential exposure because local files may be readable by other users, accidentally committed to source control, or captured in backups without the user's awareness.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script writes an interactively entered bearer token to .env without clearly informing the user that the secret will be stored on disk. Silent persistence increases the chance of credential leakage through local access, backups, or accidental repository inclusion.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.