Visual Prompt Engine

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed visual-prompt helper that scrapes public design references and stores local prompt/reference data for deduplication.

Install only if you are comfortable with the agent fetching public Dribbble references and keeping local JSON files, including prompt history. Do not enable the optional cron refresh unless you want recurring background updates, and avoid using sensitive creative briefs if you do not want them retained in local history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 96%
Finding: The skill documentation describes file read/write and network-backed scraping behavior, but no permissions are declared. That creates a trust and containment gap: a host may invoke the skill without presenting clear consent for local persistence or external access, enabling unexpected data collection, disk writes, and network interaction. In this context the behavior is related to the skill's function, so it is not inherently malicious, but the undeclared capabilities still increase operational and privacy risk.

Tp4 (High)

Category: MCP Tool Poisoning
Confidence: 90%
Finding: The stated purpose is prompt generation, but the documented behavior expands into scraping, dataset creation, local storage, keyword scoring, and CLI-style data management. This mismatch can cause an orchestrator or user to grant the skill broader trust than intended, leading to unexpected network activity and persistence beyond a simple prompt-writing task. The extra behaviors are functionally related, which reduces suspicion of malice, but hidden operational scope is still a real security and transparency issue.

Missing User Warnings (Medium)

Confidence: 94%
Finding: The skill stores scraped reference data and generated prompt history on disk, but the user-facing description does not warn about that persistence. Undisclosed local storage can expose sensitive user prompts, creative concepts, or imported reference metadata to later access, retention, or cross-session leakage. Because the persistence is intentional and central to deduplication, the context makes the omission more important, not less.

VirusTotal

66/66 vendors flagged this skill as clean.
