Back to skill

Security audit

Raphael Ai Image

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it helps generate images through Raphael AI, then saves and shares the result, with privacy considerations users should understand.

Install only if you are comfortable with prompts being submitted to Raphael AI, images being downloaded locally, and results being posted in the current Discord channel. Avoid confidential, personal, or proprietary prompts unless the channel and external service are appropriate for that content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill automates sending user prompts to a third-party website, downloads generated images, and reposts them to Discord, but it does not clearly warn users that their input and outputs leave the local agent environment. This creates a real privacy and data-handling risk because users may provide sensitive prompts or expect local-only processing without realizing content is transmitted to external services.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.