WeChat Official Account Cover & AI Illustrations (公众号封面 & AI 配图)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WeChat article image-generation helper that uses a user-configured image API and local Python scripts without hidden persistence or unrelated behavior.

Install only if you are comfortable sending image prompts and possible article excerpts to the image endpoint you configure. Use a dedicated low-privilege IMAGE_MODEL_API_KEY, keep unrelated secrets out of aws.env, and verify that image_model.base_url points to a provider you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The manifest grants "shell" access to a skill whose stated purpose is only generating WeChat article cover and inline images. That permission materially expands the attack surface because prompt-driven or skill-driven shell execution can enable arbitrary command execution, local file access, tool chaining, and abuse of host credentials, none of which are justified by the metadata.

VirusTotal

61/61 vendors flagged this skill as clean.
