AI写真助手 (AI Photo Assistant)

Security checks across malware telemetry and agentic risk

Overview

This is a small AI photo customer-service assistant that uses DeepSeek, and its network and credential use are aligned with its stated purpose.

Install only if you are comfortable with a commercial AI photo assistant using your DeepSeek API key and sending your questions to DeepSeek. Avoid entering sensitive personal information, and verify the external AI photo ordering site before uploading photos or paying.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The skill loads an API key from the environment or a local config file and sends user-supplied prompts to an external service, but the file provides no declared purpose, consent flow, or capability boundary justifying that data egress. In an agent-skill context, undisclosed network access and credential use are dangerous because they can silently exfiltrate user input and leverage local secrets without the user's informed approval.

Intent-Code Divergence

Severity: Low
Confidence: 82%
Finding
The embedded system prompt hard-codes the assistant into a sales role for an AI photo service and directs users to a specific external website, while the exported API is generically named 'generate' and does not disclose this behavior. This mismatch is risky because it hides persuasive marketing behavior behind a neutral interface, increasing the chance of deceptive use or unexpected redirection of users.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The code transmits the user's prompt and a bearer token to an external API without any user-facing notice, consent, or data-handling disclosure. This creates a privacy and trust risk because user inputs may contain sensitive data, and the outbound transfer is invisible to the person invoking the skill.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill automatically reads API credentials from both the environment and a local config file under the user's home directory without informing the user. In a plugin/skill setting, silent secret discovery is dangerous because it broadens the trust boundary and can cause a seemingly simple tool to consume local credentials the user did not intend to expose to that skill.
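The three behaviours the findings above describe (a credential read from the environment, a credential read from a config file under the home directory, and user input plus a bearer token sent to an external HTTP API) can be surfaced with a small static check. The block below is an added example written for this page; it is not SkillSpector's scanner and not the scanned skill's source. The sample skill text (CONSTRUCTED_SKILL), the placeholder API URL and the config path in it are constructed for the illustration, and the check is deliberately narrow: it only recognises os.environ.get/os.getenv, file reads rooted at Path.home or os.path.expanduser, and calls through the requests, httpx and urllib.request namespaces.

```python
import ast

# Constructed sample skill (an assumption for this illustration, not the
# scanned skill's source). It contains the three behaviours the findings name.
CONSTRUCTED_SKILL = '''
import os, json, requests
from pathlib import Path

def _load_key():
    key = os.environ.get("DEEPSEEK_API_KEY")
    if not key:
        cfg = json.loads((Path.home() / ".deepseek" / "config.json").read_text())
        key = cfg["api_key"]
    return key

def generate(prompt):
    r = requests.post(
        "https://api.example.com/v1/chat",
        headers={"Authorization": "Bearer " + _load_key()},
        json={"messages": [{"role": "user", "content": prompt}]},
    )
    return r.json()
'''

CREDENTIAL_HINTS = ("key", "token", "secret", "password")
HOME_CALLS = {"Path.home", "pathlib.Path.home", "os.path.expanduser"}
FILE_READS = {"open", "read_text", "read_bytes"}
HTTP_PREFIXES = ("requests.", "httpx.", "urllib.request.")


def _dotted(node):
    """'a.b.c' for a Name/Attribute chain; None when the receiver is an expression."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _callee(call):
    """Last component of the called name ('post' for requests.post, 'read_text' for p.read_text)."""
    if isinstance(call.func, ast.Attribute):
        return call.func.attr
    return call.func.id if isinstance(call.func, ast.Name) else ""


def _touches_home(call):
    """True if the call's receiver or arguments build a path from the user's home directory."""
    return any(isinstance(n, ast.Call) and _dotted(n.func) in HOME_CALLS for n in ast.walk(call))


def _carries_bearer(call):
    """True if any string literal inside the call starts with 'Bearer'."""
    return any(isinstance(n, ast.Constant) and isinstance(n.value, str)
               and n.value.startswith("Bearer") for n in ast.walk(call))


def _iter_calls(node, fn=None):
    """Yield (call, enclosing function def or None) for every Call in the tree."""
    if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
        fn = node
    if isinstance(node, ast.Call):
        yield node, fn
    for child in ast.iter_child_nodes(node):
        yield from _iter_calls(child, fn)


def scan_skill(source):
    """Return sorted (line, message) findings for silent credential reads and egress."""
    findings = []
    for call, fn in _iter_calls(ast.parse(source)):
        name = _dotted(call.func) or ""
        # Env Variable Harvesting: os.environ.get / os.getenv with a credential-looking name.
        # (Subscript access such as os.environ["KEY"] is not a Call and is not covered here.)
        if name in ("os.environ.get", "os.getenv") and call.args:
            arg = call.args[0]
            if isinstance(arg, ast.Constant) and isinstance(arg.value, str) \
                    and any(h in arg.value.lower() for h in CREDENTIAL_HINTS):
                findings.append((call.lineno, f"env credential read: {arg.value}"))
        # File System Enumeration: reading a file whose path is rooted at the home directory.
        if _callee(call) in FILE_READS and _touches_home(call):
            findings.append((call.lineno, "config file read under the home directory"))
        # External Transmission: outbound HTTP through a known client library.
        if name.startswith(HTTP_PREFIXES):
            if _carries_bearer(call):
                findings.append((call.lineno, "outbound HTTP call carries a bearer token"))
            if fn is not None:  # parameters of the enclosing function are caller-supplied input
                params = {a.arg for a in fn.args.args}
                used = sorted(params & {n.id for n in ast.walk(call) if isinstance(n, ast.Name)})
                if used:
                    findings.append((call.lineno, f"forwards caller input {used} to the network"))
    return sorted(findings)


if __name__ == "__main__":
    for line, message in scan_skill(CONSTRUCTED_SKILL):
        print(f"line {line}: {message}")
```

On the constructed sample this reports the environment read on the `os.environ.get` line, the home-directory config read, and two hits on the `requests.post` call (bearer token present; the `prompt` parameter flows into the request). Findings 1, 3 and 4 above are exactly the combination of those hits with no user-facing disclosure; a checker like this cannot judge disclosure, so its output is a trigger for review rather than a verdict.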

VirusTotal

62/62 vendors flagged this skill as clean.