Moark Image Gen

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Gitee AI image generator, but prompts and the API key are used with that external provider.

Install only if you are comfortable sending image prompts and generation settings to Gitee AI. Prefer setting GITEEAI_API_KEY as an environment variable instead of passing the key on the command line, avoid confidential or regulated content in prompts, and use an isolated Python environment for the dependency.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs users to send prompts and API keys to an external image-generation API but provides no warning that user input and credentials are transmitted to a third party. This is risky because prompts may contain sensitive data and users may expose API keys via command-line arguments, shell history, logs, or process listings.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal