qwenz-image-gen

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it uses an Alibaba DashScope API key to generate images and save the result locally.

Install only if you are comfortable using an Alibaba DashScope API key and sending prompts to Alibaba Cloud for image generation. Prefer an environment variable or a dedicated low-scope key, avoid committing TOOLS.md with secrets, and do not include confidential or sensitive personal data in prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%
Finding
The documented behavior goes beyond simple image generation by reading credentials from local TOOLS.md files in multiple filesystem locations and writing image outputs to disk, but these side effects are not clearly reflected in the declared purpose. This mismatch can mislead users about local file access and secret exposure surfaces, increasing the chance that credentials are sourced from unintended files or that sensitive outputs are written to unexpected locations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The script retrieves the API key not only from the environment but also by scanning local TOOLS.md files, including a hardcoded absolute path. This expands the secret exposure surface beyond the stated image-generation purpose and can unintentionally pull credentials from shared documentation files, making secrets easier to misuse or exfiltrate if the script is run in an untrusted workspace.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation instructs users to place API keys in environment variables or TOOLS.md without warning about secret-handling risks such as accidental check-in, plaintext storage, or exposure to other tools that read local config files. Because the skill also appears to read credentials from local files, weak guidance here increases the likelihood of credential leakage or misuse.
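The credential lookup described in the second and third findings, and the mitigation the overview recommends, as an added example that is not the skill's own code: resolve_key_legacy mirrors the "environment variable, then scan several TOOLS.md locations" pattern the finding describes, and resolve_key_hardened beside it accepts only the environment or one explicitly named file that is a regular file, owned by the caller and not readable by group or others. A small find_committed_secrets check flags key-shaped strings before a TOOLS.md is committed. The environment variable name DASHSCOPE_API_KEY, the sk- key prefix, the TOOLS.md line format, the search paths and the sample key are assumptions made for this example; the skill's real hardcoded path is not reproduced.

```python
"""Credential resolution for an image-generation skill: the risky
'scan several TOOLS.md locations' pattern next to a hardened version.
Added example; not the skill's code. Names and paths are assumptions."""
import os
import re
import stat
import tempfile
from pathlib import Path
from typing import Optional

ENV_VAR = "DASHSCOPE_API_KEY"  # assumed: the variable the DashScope SDK reads
# Illustrative search list only; the skill's real hardcoded path is not reproduced.
LEGACY_SEARCH_PATHS = [Path("TOOLS.md"), Path.home() / "TOOLS.md", Path("/opt/skills/TOOLS.md")]
# Assumed TOOLS.md line formats: DASHSCOPE_API_KEY=..., DASHSCOPE_API_KEY: ..., export ...
KEY_LINE = re.compile(r"^\s*(?:export\s+)?DASHSCOPE_API_KEY\s*[=:]\s*[\"']?([^\s\"']+)", re.M)
# Assumed key shape for the pre-commit check: 'sk-' followed by a long alphanumeric run.
SECRET_RE = re.compile(r"\bsk-[A-Za-z0-9]{16,}\b")


class KeyFileError(ValueError):
    """Raised when no acceptable key source exists."""


def parse_key(text: str) -> Optional[str]:
    """Return the first DASHSCOPE_API_KEY value found in a TOOLS.md body, if any."""
    m = KEY_LINE.search(text)
    return m.group(1) if m else None


def resolve_key_legacy(env: dict, paths=LEGACY_SEARCH_PATHS) -> Optional[str]:
    """The pattern the finding describes: env first, then silently read whichever
    TOOLS.md exists, wherever it lives and whoever else can read it."""
    if env.get(ENV_VAR):
        return env[ENV_VAR]
    for p in paths:
        try:
            key = parse_key(p.read_text())
        except OSError:
            continue  # missing or unreadable: keep walking the list
        if key:
            return key
    return None


def check_private_file(path: Path) -> None:
    """Refuse symlinks, files owned by someone else, and group/other-readable files."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        raise KeyFileError(f"{path}: not a regular file (symlinks rejected)")
    if st.st_uid != os.getuid():
        raise KeyFileError(f"{path}: not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise KeyFileError(f"{path}: readable by group/others; chmod 600 it")


def resolve_key_hardened(env: dict, key_file: Optional[Path] = None) -> str:
    """Env var, or exactly one explicitly named file that passes the checks above.
    No directory walk, no hardcoded absolute path, no silent fallback."""
    key = env.get(ENV_VAR)
    if key:
        return key
    if key_file is None:
        raise KeyFileError(f"{ENV_VAR} not set and no key file given")
    check_private_file(key_file)
    key = parse_key(key_file.read_text())
    if not key:
        raise KeyFileError(f"{key_file}: no {ENV_VAR} entry")
    return key


def find_committed_secrets(text: str) -> list:
    """Pre-commit style check: key-shaped strings that must not reach a repository."""
    return SECRET_RE.findall(text)


def demo() -> dict:
    """Constructed scenario: a TOOLS.md left world-readable, then fixed with chmod 600."""
    tools_md = Path(tempfile.mkdtemp()) / "TOOLS.md"
    tools_md.write_text("# Tools\nDASHSCOPE_API_KEY: sk-constructedsamplekey0123456789\n")
    os.chmod(tools_md, 0o644)  # the usual default: every local account can read it
    out = {"legacy_reads_world_readable": resolve_key_legacy({}, [tools_md])}
    try:
        resolve_key_hardened({}, tools_md)
        out["hardened_rejects_world_readable"] = False
    except KeyFileError:
        out["hardened_rejects_world_readable"] = True
    os.chmod(tools_md, 0o600)
    out["hardened_after_chmod"] = resolve_key_hardened({}, tools_md)
    out["env_wins"] = resolve_key_hardened({ENV_VAR: "sk-fromenvironment0123456789abcd"}, tools_md)
    out["secrets_in_tools_md"] = find_committed_secrets(tools_md.read_text())
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The legacy resolver returns the key from the world-readable file without complaint; the hardened one raises until the file is owner-only, and it never consults a path the caller did not name. Run find_committed_secrets over TOOLS.md in a pre-commit hook to catch the accidental check-in the third finding warns about.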

VirusTotal

64/64 vendors flagged this skill as clean.
