Poster Maker
Security checks across malware telemetry and agentic risk
Overview
This poster-making skill is mostly coherent, but its helper script may send an OpenRouter API key to the Ofox API endpoint despite claiming support for both providers.
Review the script before installing. Use an Ofox API key with the current code, avoid setting OPENROUTER_API_KEY for it unless the endpoint logic is corrected, and do not send confidential product or campaign details unless you are comfortable sharing those prompts with the image provider.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.