Ecm Perchance Image

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Perchance image-generation helper; the main risk is that prompts are sent to a third-party website.

Install only if you are comfortable sending image prompts to Perchance.org. Do not enter secrets, personal information, proprietary text, or confidential project details as prompts, and review/install the Python dependencies from trusted sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly sends user-provided prompts to Perchance.org, an external third-party service, but the documentation does not clearly warn users that their input will leave the local environment. This creates a real privacy and data-handling risk because users may enter sensitive prompts under the assumption the skill is local or trusted, and those prompts may be logged, retained, or processed by the external site.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: User-supplied prompt text is sent to a third-party service without any explicit disclosure, consent flow, or privacy warning. In an agent skill context, users may reasonably assume local processing, so silent transmission can expose sensitive prompts, proprietary data, or personal information to an external provider.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal