Back to skill

Security audit

infinimo-ai-design-virtual-model

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed remote image-generation helper, but users should treat photo uploads, API tokens, and log operations as sensitive.

Install only if you are comfortable sending the chosen images and prompts to the provider named in the skill. Use a least-privilege or dedicated API token if possible, avoid sensitive or non-consensual real-person photos, and be careful with any log deletion command because it may remove useful audit or recovery records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documents executable shell usage (`bash scripts/*.sh`) while declaring no corresponding permissions, creating a mismatch between the skill's effective capabilities and its declared security posture. This can mislead reviewers and users about what the skill can do, reducing scrutiny around command execution and external network access.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
This script uses the account API token to query a log-list endpoint that appears unrelated to the skill’s declared purpose of generating virtual model images. Access to account activity data expands the skill’s privilege scope and can expose usage history or operational metadata if invoked by the agent or a downstream user, which is especially suspicious given the mismatch with the advertised functionality.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to upload source photos to a third-party service but does not clearly warn that potentially sensitive personal images will leave the local environment and be processed externally. Because the content involves real-person photos and face-related prompts, the privacy risk is elevated and users may unknowingly transmit biometric or sensitive commercial imagery.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The documentation exposes a destructive deletion endpoint for logs without warning that invoking it removes records and may hinder auditability, troubleshooting, or recovery of generated output references. While not directly enabling system compromise, it can cause accidental data loss or erase useful activity history.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script transmits both a user-selected local file and a bearer-style API token to a remote third-party endpoint with no interactive warning, confirmation, or disclosure in the script output. In an agent-skill context, this can cause unintended exfiltration of sensitive local images or credentials if the caller does not clearly understand that invoking the helper performs a network upload.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.