Security audit

apifox-image-gen

Security checks across malware telemetry and agentic risk

Overview

The skill appears to generate images as advertised, but it sends prompts to a third-party API using an embedded API key with unclear account control.

Review before installing. Use this only if you are comfortable sending prompts to jyapi.AI-WX.CN, avoid confidential or personal data in prompts, and consider replacing the embedded API key with a user-controlled secret before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation and metadata indicate it uses an external image-generation API, but the declared permissions only list exec and message and do not disclose network access. This creates a transparency and policy-enforcement gap: users or platforms may believe the skill is local-only when it can transmit prompts and data off-host to a third party.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states it uses the jyapi.AI-WX.CN image API but does not warn users that their prompts and image-generation requests are sent to a third-party service. Because prompts may contain sensitive business, personal, or confidential information, omission of this warning can lead to unintended external disclosure.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The skill notes that images are saved to /tmp/, but it does not frame this as a user-facing warning about automatic local persistence. Automatically writing generated content to shared or inspectable temporary storage can expose sensitive or proprietary outputs to other local processes, users, or later forensic recovery depending on system configuration.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code transmits the user-supplied prompt to an external third-party API endpoint without any explicit disclosure, consent flow, or data-sensitivity check. In an agent-skill context, prompts often contain proprietary, personal, or otherwise sensitive content, so silent exfiltration to a remote service can create privacy, compliance, and data-handling risks beyond what a user may reasonably expect.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The code fetches a remote URL returned by the API and writes the response to disk, but does not explicitly warn the user that local files will be created. In an agent environment this can surprise users, consume disk space, overwrite an operator-specified path, and persist untrusted remote content locally without validation or confirmation.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.