Security audit
materials-science-figure-skill
Security checks across malware telemetry and agentic risk
Overview
This skill coherently provides disclosed image-generation and local plotting tools for materials-science figures, with appropriate warnings around API keys and third-party endpoints.
Before installing, confirm you intend to use a Gemini-compatible image provider and understand that image mode sends prompts, API credentials, and selected input images to that endpoint. Prefer the official Google endpoint, use the API key file option where possible, and only enable third-party endpoints when you explicitly trust that provider.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
44/44 vendors flagged this skill as clean.