MenuVision

Security checks across malware telemetry and agentic risk

Overview

MenuVision is an instruction-only restaurant menu builder that clearly discloses its Gemini processing and optional GitHub publishing.

Install only if you are comfortable sending menu content, screenshots, PDFs, photos, and generated prompts to Google Gemini. Use a dedicated Google API key if possible, and set GITHUB_PAT only when you intentionally want the agent to publish generated menu files to your own GitHub Pages repository.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list includes generic phrases like 'build a menu', 'digital menu', and 'create restaurant menu' that can match common user requests beyond this specific pipeline. In an agent environment, overly broad invocation conditions can cause the skill to activate unexpectedly, sending user-provided URLs, files, or menu content to external services and initiating costly or privacy-sensitive processing without clear user intent.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal