Security audit

partial-redrawing

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow Flyelep image-editing API guide; it sends image URLs, prompts, and an API key to Flyelep as expected for its purpose.

Install only if you are comfortable sending the provided image URLs, prompts, optional reference image URLs, and Flyelep API key to Flyelep. Avoid sensitive or private images unless you accept that third-party processing, and provide the API key only at runtime rather than saving it in shared files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

External Transmission

Medium

Category: Data Exfiltration
Content: **仅通过文字提示进行局部重绘：** ```bash curl -X POST "https://www.flyelep.cn/prod-api/poster-design/api/v1/poster/aiTool/partialRedrawing" \ -H "Content-Type: application/json" \ -H "secretKey: 你的密钥" \ --max-time 300 \
Confidence: 84% confidence
Finding: curl -X POST "https://www.flyelep.cn/prod-api/poster-design/api/v1/poster/aiTool/partialRedrawing" \ -H "Content-Type: application/json" \ -H "secretKey: 你的密钥" \ --max-time 300 \ -d '{ "so

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal