Back to skill

Security audit

Image Generator

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill mostly matches its purpose, but it needs review because it silently attempts to read API keys from local TOOLS.md files and can write images to a caller-chosen path.

Install only if you are comfortable sending prompts to BigModel/Zhipu and using a ZHIPU_API_KEY. Prefer setting the key explicitly in the environment, avoid relying on TOOLS.md, and keep output paths inside a known workspace image directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation indicates use of environment variables, local file access, and outbound network calls, but no corresponding permissions are declared. This creates a transparency and policy-enforcement gap: an agent or reviewer may authorize the skill under incomplete assumptions, while it can still access secrets and external services during execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior does not fully match the described purpose: the finding indicates the skill may read credentials from TOOLS.md, save files locally, and support additional model behavior beyond the stated description. Hidden credential sourcing from disk is especially risky because it expands the trust boundary and can expose secrets from unrelated local files without clear user or operator awareness.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script unnecessarily reads credentials from local TOOLS.md files, which expands its access beyond the declared image-generation purpose and creates a path for secret harvesting from workspace or user home directories. This is especially risky in agent environments because TOOLS.md may contain unrelated secrets, and the code silently scans multiple locations to retrieve them.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.