Materials Cli

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate schema-to-image CLI, but it should be reviewed because its AI generation path depends on missing local code and has some under-scoped credential and Windows shell handling.

Install only if you trust the publisher and can verify the missing materials-agents dependency. Prefer OPENAI_API_KEY over --api-key, avoid sensitive prompt content or untrusted custom base URLs, and be cautious running untrusted prompt or file path strings on Windows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The `generate` command sends user prompts to OpenAI or a configured API endpoint, but the skill does not clearly warn users that their prompt content may leave the local environment and be processed by a third party. This creates a real privacy and data-handling risk if users include sensitive schemas, proprietary design details, or confidential text in prompts.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The CLI accepts an OpenAI API key directly via the `--api-key` command-line argument, which exposes the secret to shell history, process listings, terminal logging, and CI job output. In a developer tool that may be run locally or in shared environments, this creates a realistic risk of credential leakage even if the feature was added for convenience.

VirusTotal

65/65 vendors flagged this skill as clean.