Security audit

Design Framework Suite - Framework Generator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Telegram design-workflow automation, but users should review the companion scripts before using it with private design material.

Before installing, inspect and trust the separate design-framework-sender scripts, confirm where OpenRouter keys and Telegram bot tokens are stored, restrict the bot to the intended chat, and avoid confidential design requests or reference images unless that group and API provider are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill description states that it will send generated previews to a group and call an external API, but it does not disclose to users what data may leave the local environment, when transmission occurs, or who can view the shared content. This creates a real privacy and data-handling risk because design requirements, attached reference images, and generated framework content may be exposed to third parties or unintended recipients without informed consent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instruction that the skill provides no explanatory text means it performs externally visible and potentially sensitive actions without notifying the user at runtime. In this context, silent execution increases the chance of accidental data disclosure because users may not realize that their request, attachments, or generated content are being sent to external services and group chats.

Vague Triggers

Medium
Confidence: 86%
Finding
The manifest description says the skill will generate a complete design framework upon receiving a design requirement and send a group preview, but it does not clearly constrain who can trigger it, what inputs are in scope, or what authorization is required before external sharing occurs. In an automation skill tied to Telegram, this ambiguity can cause overbroad activation or unintended data disclosure to group chats, especially if user requests are interpreted too loosely.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.