QuiverAI

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward QuiverAI API guide for generating and vectorizing SVGs, with the main caution that prompts/images and API credits are used with a third-party service.

Install only if you are comfortable giving the agent access to a QuiverAI API key and sending design prompts, reference images, or raster images to QuiverAI. Use a dedicated API key where possible, expect requests to consume credits, and avoid confidential or regulated material unless your organization allows sharing it with QuiverAI.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill clearly sends user prompts and potentially user-supplied images to QuiverAI's external API, but the documentation does not warn users that their content leaves the local environment and is processed by a third party. This can lead to inadvertent disclosure of sensitive prompts, proprietary designs, or private images, especially because the skill is specifically intended to accept user-provided creative inputs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal