Back to skill

Security audit

free quota text to image

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent text-to-image helper that uses external image providers as advertised, but users should treat prompts, tokens, and configured endpoints as privacy-sensitive.

Install only if you are comfortable sending image prompts to the configured providers. Avoid sensitive or proprietary prompt text, use trusted provider tokens and endpoints, leave openai_compatible disabled unless you control the endpoint, consider --no-optimize-prompt for privacy, and avoid running it from directories with unrelated sensitive .env files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tainted flow: 'payload' from requests.post (line 475, network input) → requests.post (network output)

Medium
Category
Data Flow
Content
}

    try:
        response = requests.post(generate_url, headers=headers, json=payload, timeout=timeout)
    except requests.RequestException as exc:
        raise ProviderRequestError(kind="network", message=f"OpenAI-compatible request failed: {exc}")
Confidence
91% confidence
Finding
response = requests.post(generate_url, headers=headers, json=payload, timeout=timeout)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs execution of a Python script that performs network requests, reads configuration files, writes output files, and may rely on environment-provided tokens, yet the skill declares no permissions or equivalent capability disclosure. This creates a transparency and governance gap: an agent or user may invoke the skill without realizing it can exfiltrate prompts to third-party providers, consume local secrets, or write files locally.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents sending prompts to multiple external image providers and saving files locally, but it does not warn users that their prompts may be transmitted to third parties or that local files may be created/overwritten. In a skill that emphasizes automatic provider routing and fallback, this is more dangerous because user data may be sent to several services during retries without explicit awareness.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
User prompt text is transmitted to external translation/optimization providers without any in-code indication of notice, consent, or sensitivity checks. In an agent skill, prompts often contain private user data, internal instructions, or proprietary content, so silent forwarding to third parties can create confidentiality and compliance risks.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The code transmits user prompts and bearer tokens to external providers without any mechanism in this file to surface consent, warning, or data-handling disclosure. In a multi-provider routing skill, that matters because prompts may contain sensitive information and the skill can silently send them to different third parties.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends the user-supplied prompt to third-party providers via the generation workflow, but there is no explicit consent prompt or warning at the point of use. This can expose sensitive or proprietary text to external services, especially because the tool automatically routes across multiple providers and may also perform prompt optimization using provider-specific services.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.