Security audit

XHS Cover Generator

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it generates Xiaohongshu-style cover images, with disclosed network use for optional AI images and font download.

Install only if you are comfortable with runtime network calls. The skill may download a font from GitHub, cache files in /tmp, write a JPEG to the chosen output path, and send any --base-prompt text to Pollinations.ai. Avoid including private, proprietary, or personal information in prompts unless that external disclosure is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    # Reuse the cached font if it already exists and looks complete (over 1 MB).
    if FONT_CACHE.exists() and FONT_CACHE.stat().st_size > 1_000_000:
        return str(FONT_CACHE)
    print(f"Downloading CJK font to {FONT_CACHE} ...")
    # Shells out to curl to fetch FONT_URL into the cache path; check=True raises on a non-zero exit.
    subprocess.run(["curl", "-sL", FONT_URL, "-o", str(FONT_CACHE), "--max-time", "120"], check=True)
    return str(FONT_CACHE)

# --- image generation ---
Confidence
91% confidence
Finding
subprocess.run(["curl", "-sL", FONT_URL, "-o", str(FONT_CACHE), "--max-time", "120"], check=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill explicitly instructs running a Python script, using curl, and accessing external services, yet no permissions are declared. This creates a mismatch between what the skill can do and what a reviewer or execution framework may expect, increasing the risk of unintended network and shell execution without adequate scrutiny or sandboxing.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger description includes broad English phrases such as "make a cover image" that could match common user requests outside the narrow Xiaohongshu use case. Overbroad triggering can cause unintended invocation of a skill that performs file generation, shell execution, and network access, expanding exposure beyond the user's likely intent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
User-supplied base prompts are sent to Pollinations.ai without any disclosure, consent flow, or warning that the text leaves the local environment. In an agent setting, users may include sensitive business data, personal information, or proprietary content in prompts, causing unintentional third-party data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.