SGLang-Diffusion Image Generation

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward helper for generating images through a local or user-chosen SGLang-Diffusion server.

Install this if you intend to use a local or trusted SGLang-Diffusion server. Avoid passing API keys directly on the command line when possible, and remember that prompts and optional credentials are sent to the server you configure while generated images are saved locally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The notes state that output defaults to a timestamped PNG in /tmp/, but they do not clearly warn users that invoking the skill causes a filesystem write as a side effect. While writing an image file is expected for an image-generation skill, the lack of explicit disclosure can still surprise users and may overwrite expectations around ephemeral or no-write operation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal