
Security audit

Ai Maker

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill is not malicious, but it claims successful image generation while the code only creates or returns placeholder paths instead of producing images.

Install only if you understand that this appears to be a scaffold or prototype rather than a working image generator. Do not rely on reported success or returned file paths unless the implementation is updated to call the real providers and verify the output files. Avoid putting sensitive business details in prompts unless you are comfortable with prompt excerpts being saved in local history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill declares no permissions or dependencies, yet the file structure and documented behavior indicate file read/write capabilities via configuration files, output image paths, and generation history storage. This creates a permission transparency gap: operators may approve or run the skill without understanding that it can access and modify local files, increasing the risk of unintended data exposure or unauthorized writes if the implementation is broader than the documentation suggests.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding: The generate method advertises image generation but never invokes the discovered script or any LiblibAI backend. Instead it fabricates success responses and file paths for images that do not exist, which can mislead downstream automation into treating nonexistent artifacts as real outputs and making incorrect workflow or security decisions.

Intent-Code Divergence

Severity: Low
Confidence: 88%
Finding: The controlnet method claims ControlNet capability but only echoes user input and returns an informational message. This creates a deceptive interface that can cause callers to assume an image transformation or validation occurred when nothing actually happened, weakening trust and potentially breaking safety or business logic built around the result.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding: The natural-language invocation examples are very broad and resemble ordinary user requests, which can cause accidental triggering or ambiguous routing in systems that auto-select skills based on prompt content. In a multi-skill environment, this increases the chance that image-generation actions occur when the user did not explicitly intend to invoke this skill, potentially leading to unwanted tool execution or file creation.

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.