imgforge — Free AI Image Generation

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it sends image prompts to ModelScope, downloads the result, and saves it locally, with no hidden destructive or unrelated behavior found.

Install only if you are comfortable sending prompts and generation parameters to ModelScope/Alibaba services. Treat MODELSCOPE_API_KEY as a secret, avoid pasting it into chats or committing it, and be aware that account setup may involve phone verification, a payment method, and referral or invite links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares only tools but omits an explicit permissions model while clearly requiring environment access, file writes, and network activity. This reduces transparency and informed consent: users may invoke image generation without realizing the skill will contact a third-party API, use an API key, and write files/directories to disk.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The usage section encourages very natural, open-ended phrases like 'Generate an image of...' with no clear signal that such a request will invoke an external image-generation action. In an assistant environment, overly broad triggers can cause unintended tool activation from ordinary conversation, which may send user-provided text to a third-party API or consume quota without sufficiently explicit consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README says the skill calls Z-Image-Turbo through ModelScope's API, but it does not prominently warn users that their prompts and related request metadata are transmitted to an external third-party service. In a coding-assistant context, users may assume local processing and unknowingly disclose sensitive or proprietary information in prompts.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger conditions are broad enough to match many ordinary requests involving images, graphics, or visualization. Overbroad auto-activation can cause the skill to run in contexts where the user did not intend external API use or disk writes, increasing the chance of accidental data disclosure or unwanted side effects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The command examples focus on generation but do not prominently warn that output is written to a local path and that missing parent directories may be created automatically. In a tool-using agent context, undisclosed filesystem side effects can surprise users and lead to clutter, overwrites, or writing sensitive content into unintended locations.
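The findings on the undeclared permissions model, the undisclosed transmission of prompts to ModelScope, and the undisclosed writes to local paths all describe guards that a skill can enforce at call time rather than leave to documentation. The following is an added example, not the imgforge skill's own code: a wrapper that declares a least-privilege policy (one env var, one host, one output directory, explicit consent before egress) and refuses anything outside it. The policy layout, the host `api-inference.modelscope.cn`, the endpoint path, and the `transport` stand-in for the HTTP client are assumptions for illustration and are not taken from the skill.

```python
# Added example, not the imgforge skill's own code: a wrapper that enforces an
# explicit least-privilege policy around the image-generation call. The policy
# layout, host and endpoint path are assumptions, not taken from the skill.
import os
import tempfile
from pathlib import Path
from urllib.parse import urlparse

POLICY = {                                        # hypothetical permissions block
    "env": ("MODELSCOPE_API_KEY",),               # only env var the skill may read
    "network": ("api-inference.modelscope.cn",),  # only host it may contact (assumed)
    "write_root": "imgforge-output",              # only directory it may write under
}
ENDPOINT = "https://api-inference.modelscope.cn/v1/images/generations"  # assumed path

class PolicyError(Exception):
    """Raised when a call would exceed the declared policy."""

def redact(text, secrets):
    """Replace any secret that appears in text, so errors never carry the key."""
    for secret in secrets:
        if secret:
            text = text.replace(secret, "[REDACTED]")
    return text

def check_egress(url, policy=POLICY):
    """Allow only https to a declared host; returns the host."""
    parts = urlparse(url)
    if parts.scheme != "https" or parts.hostname not in policy["network"]:
        raise PolicyError(f"egress to {parts.scheme}://{parts.hostname} is not declared")
    return parts.hostname

def egress_allowed(url, policy=POLICY):
    try:
        return bool(check_egress(url, policy))
    except PolicyError:
        return False

def resolve_output(path_str, write_root, overwrite=False, mkdir=False):
    """Confine output to write_root; no silent overwrite, no silent mkdir."""
    root = Path(write_root).resolve()
    target = (root / path_str).resolve()  # absolute or ../ paths resolve outside root
    if root not in target.parents:
        raise PolicyError(f"refusing to write outside {root}: {target}")
    if target.exists() and not overwrite:
        raise PolicyError(f"refusing to overwrite {target} (pass overwrite=True)")
    if not target.parent.exists():
        if not mkdir:
            raise PolicyError(f"parent directory {target.parent} is missing (pass mkdir=True)")
        target.parent.mkdir(parents=True)
    return target

def generate(prompt, out_path, consent, transport, policy=POLICY, env=None,
             overwrite=False, mkdir=False):
    """Send prompt to the declared endpoint and save the returned bytes.
    transport(url, key, prompt) -> bytes stands in for the real HTTP client."""
    env = os.environ if env is None else env
    if not consent:
        raise PolicyError("prompt would be sent to a third-party API; explicit consent required")
    key = env.get(policy["env"][0])
    if not key:
        raise PolicyError(f"{policy['env'][0]} is not set")
    host = check_egress(ENDPOINT, policy)
    target = resolve_output(out_path, policy["write_root"], overwrite, mkdir)
    try:
        data = transport(ENDPOINT, key, prompt)
    except Exception as exc:  # a careless client may echo the key in its error
        raise PolicyError(redact(f"request to {host} failed: {exc}", [key])) from None
    target.write_bytes(data)
    return target

def fake_transport(url, key, prompt):
    """Constructed offline stand-in for the API; returns fake PNG bytes."""
    if "fail" in prompt:
        raise RuntimeError(f"401 Unauthorized for token {key}")
    return b"\x89PNG\r\n\x1a\n" + prompt.encode()

def run_demo():
    """Exercise each guard in a temporary write root; returns what happened."""
    env = {"MODELSCOPE_API_KEY": "ms-constructed-example-key"}  # constructed value
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        policy = dict(POLICY, write_root=tmp)

        def refused(name, prompt, path, consent, mkdir=False):
            try:
                generate(prompt, path, consent, fake_transport, policy, env, mkdir=mkdir)
            except PolicyError as exc:
                results[name] = str(exc)

        refused("no_consent", "a cat", "cat.png", False)
        refused("traversal", "a cat", "../escape.png", True)
        refused("missing_parent", "a cat", "sub/dir/cat.png", True)
        refused("error_text", "fail please", "err.png", True)
        saved = generate("a cat", "sub/dir/cat.png", True, fake_transport, policy, env, mkdir=True)
        results["saved_bytes"] = saved.read_bytes()
        refused("overwrite", "a cat", "sub/dir/cat.png", True, mkdir=True)
    return results
```

`run_demo()` walks through each refusal in a temporary directory and then one successful save. Two of the checks matter most for the findings above: `resolve_output` resolves the path first and then tests containment, so `../escape.png` and absolute paths are rejected before anything is created, and `redact` strips the key from the transport's error text, because a 401 from a careless client will otherwise echo the bearer token straight into a traceback or agent transcript.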

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README instructs users to place a live API token in an environment variable but does not warn that the value is a sensitive secret or advise safe handling practices. In agent/CLI workflows, users often paste commands into shared shells, logs, screenshots, or persisted shell profiles, which can lead to accidental credential disclosure and misuse of the ModelScope account or quota.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
These installation examples repeat token export commands without any credential-safety warning, increasing the chance users will expose the token through shell history, terminal recordings, CI logs, or checked-in setup scripts. Because this skill is specifically designed for use with coding agents and command-line tooling, the operational context makes accidental secret leakage more likely than in ordinary end-user documentation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation tells the user to place an API token in an environment variable but includes no warning about keeping it out of shell history, logs, screenshots, shared profile files, or repositories. Although using environment variables is common practice, in a skill for assistants and CLIs this omission increases the risk of accidental credential leakage and unauthorized use of the quota or the associated account.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README describes image generation as an assistant capability but does not make it visible in the usage section that every request involves sending prompts to an external third-party service (ModelScope/Z-Image). In the context of a coding assistant, this can lead users to submit sensitive, proprietary, or regulated text without understanding that it will leave their local environment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation instructs users to place a live API token directly into an environment variable in shell examples without warning that the token is sensitive secret material. This can lead to accidental exposure through shell history, screen sharing, pasted terminal logs, process inspection in some environments, or committing setup snippets into dotfiles and scripts.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README tells users to place a live API token in an environment variable but gives no guidance that the token is sensitive, should not be committed to shell profiles or repos, and must not be shared in logs or screenshots. In an agent-skill context, users may copy these commands into persistent config files or chat transcripts, increasing the chance of credential leakage and unauthorized API use.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation states that prompts are sent to the external ModelScope API but does not clearly warn users that their prompt content leaves the local device and may be processed by a third party. For an assistant skill, users may include sensitive business, personal, or proprietary data in prompts, so omission of a data-transmission warning creates a real privacy and confidentiality risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to place a long-lived API token directly into an environment variable via shell commands and assistant prompts, but gives no warning about keeping the token secret, avoiding paste into shared terminals, or shell/history exposure. In the context of an agent skill, this is more dangerous because users may follow the instructions verbatim inside AI-integrated environments, terminals, logs, or screenshots where secrets can be retained or leaked.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README tells users to place the ModelScope API token in an environment variable but does not explicitly warn that the token is a secret that must not be shared, committed, or logged. In agent and CLI workflows, users often paste commands into terminals, shell profiles, issue reports, or screenshots, so the lack of secret-handling guidance increases the chance of credential disclosure and unauthorized API use.
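The repeated credential findings above all point at the same gap: the README shows `export MODELSCOPE_API_KEY="ms-..."` and never says the value is a secret that ends up in shell history, profile files, and checked-in setup scripts. One check a practitioner can run before and after following those install steps, as an added example that is not part of the skill: scan the files where an `export` typically lands (shell history and profiles) plus a project tree for a leaked token, reporting only a masked form of anything found. The `ms-` token shape is inferred from the README's `ms-...` placeholder and is an assumption, not a documented format; the sample home directory is constructed.

```python
# Added example, not the skill's code: find a ModelScope-style token that has
# leaked into shell history, shell profiles or files under a project tree.
import re
import tempfile
from pathlib import Path

# Token shape assumed from the README's `ms-...` placeholder, not from any spec.
TOKEN_RE = re.compile(r"\bms-[A-Za-z0-9_-]{8,}\b")
# A literal assignment of the variable, whatever the value looks like.
ASSIGN_RE = re.compile(r"MODELSCOPE_API_KEY\s*=\s*[\"']?([^\"'\s]+)")
SHELL_FILES = (".bash_history", ".zsh_history", ".bashrc", ".zshrc",
               ".profile", ".bash_profile", ".zprofile")
SKIP_DIRS = {".git", "node_modules", ".venv", "venv", "__pycache__"}

def is_placeholder(value):
    """Docs-style placeholders and variable references are not leaks."""
    return value.startswith(("$", "<", "{")) or "..." in value or value == ""

def mask(token):
    """Keep just enough of a token to recognise it; a leak report that prints
    the full secret is itself a leak."""
    return token[:4] + "..." + token[-3:] if len(token) > 10 else "***"

def scan_file(path):
    """Return (line_no, masked_token) for every leaked token in one file."""
    hits = []
    try:
        text = Path(path).read_text(errors="replace")
    except OSError:
        return hits
    for n, line in enumerate(text.splitlines(), 1):
        m = ASSIGN_RE.search(line)
        if m and not is_placeholder(m.group(1)):
            hits.append((n, mask(m.group(1))))
        elif (m := TOKEN_RE.search(line)):  # token pasted into a log, URL or header
            hits.append((n, mask(m.group(0))))
    return hits

def scan_paths(paths):
    """Map each file with a leak to its hits; directories are walked, minus SKIP_DIRS."""
    report = {}
    for p in map(Path, paths):
        files = [p] if p.is_file() else [
            f for f in p.rglob("*")
            if f.is_file() and not SKIP_DIRS & set(f.relative_to(p).parts)]
        for f in files:
            hits = scan_file(f)
            if hits:
                report[str(f)] = hits
    return report

def scan_home(home):
    """Scan the shell history and profile files that usually capture an export."""
    home = Path(home)
    return scan_paths([home / name for name in SHELL_FILES if (home / name).exists()])

def run_demo():
    """Constructed home with one leaked history line, a docs placeholder, a safe
    indirection, a checked-in setup script and a debug log; report relative to home."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        (home / ".bash_history").write_text(
            "ls\nexport MODELSCOPE_API_KEY='ms-2f9c8b7a6d5e4f3a2b1c'\ngit status\n")
        (home / ".bashrc").write_text('export MODELSCOPE_API_KEY="ms-..."\n')
        (home / ".zshrc").write_text('export MODELSCOPE_API_KEY="$(cat ~/.modelscope_key)"\n')
        proj = home / "proj"
        (proj / ".git").mkdir(parents=True)
        (proj / ".git" / "packed-refs").write_text("ms-aaaaaaaaaaaaaaaa\n")  # skipped dir
        (proj / "setup.sh").write_text("#!/bin/sh\nMODELSCOPE_API_KEY=ms-0011223344556677\n")
        (proj / "debug.log").write_text("Authorization: Bearer ms-9f8e7d6c5b4a3f2e1d0c\n")
        report = scan_home(home)
        report.update(scan_paths([proj]))
        return {str(Path(k).relative_to(home)): v for k, v in report.items()}
```

The constructed `.zshrc` line shows the pattern the README could recommend instead of a literal export: read the token from a mode-0600 file at shell start so the secret never appears in a profile, history entry, or pasted command. For a one-off session in bash, `read -rs MODELSCOPE_API_KEY` followed by `export MODELSCOPE_API_KEY` keeps it out of history as well. Anything the scanner does report should be rotated at https://modelscope.ai/my/access/token, since removing the line from history does not un-leak it from screenshots, CI logs, or git objects.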

Missing User Warnings

Medium
Confidence
84% confidence
Finding
User-supplied prompts are sent to a third-party API, but the CLI description does not clearly warn that prompt contents leave the local machine. This can cause accidental disclosure of sensitive text if users assume prompts are processed locally.

Session Persistence

Medium
Category
Rogue Agent
Content
Requires `MODELSCOPE_API_KEY`. If the user hasn't set it, guide them:

1. Create a free Alibaba Cloud account (phone verification + payment method required, but Z-Image is free) → https://www.alibabacloud.com/campaign/benefits?referral_code=A9242N
2. Sign up at https://modelscope.ai/register?inviteCode=futurizerush&invitorName=futurizerush&login=true&logintype=register and bind the Alibaba Cloud account in settings
3. Create a token at https://modelscope.ai/my/access/token
4. Set the environment variable: `export MODELSCOPE_API_KEY="ms-..."`
Confidence
86% confidence
Finding
Create a free Alibaba Cloud account (phone verification + payment method required, but Z-Image is free) → https://www.alibabacloud.com/campaign/benefits?referral_code=A9242N 2. Sign up at https://mode

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal