Back to skill

Security audit

智谱免费图片与视频生成

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: it uses local Node scripts to call Zhipu/BigModel image and video generation APIs with the user's API key.

Install only if you are comfortable giving the skill access to a Zhipu/BigModel API key and sending generation prompts or media URLs to that provider. Use a dedicated or limited key where possible, avoid confidential prompts or private media, and confirm batch size/model choices because they can affect quota or cost.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill declares executable script usage and explicitly reads API credentials from environment variables, but it does not declare corresponding permissions or clearly surface that capability in a permission model. This creates a transparency and governance gap: the runtime can access sensitive secrets without an explicit user-visible declaration, increasing the risk of unintended credential exposure or misuse if scripts are modified or abused.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger examples include broad everyday phrases such as helping generate an image or video, which can cause the skill to activate in contexts where the user did not specifically intend to invoke this external-service workflow. Over-broad activation can lead to unnecessary API use, unexpected secret access, or unintended content generation requests.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states that it will read API keys from environment variables, but it does not clearly warn users that credential access is part of operation. Even if the key is not displayed, silent secret consumption reduces informed consent and makes it harder to assess the trust boundary of the skill, especially because executable scripts are invoked with external network effects.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.