Aios Make Chart Image

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward chart image generator that reads user-provided data and writes requested image files without hidden credential, network, persistence, or destructive behavior.

Reasonable to install for chart rendering. Use workspace-scoped input and output paths when possible, and remember that sensitive data included in a chart may be written into the generated image or optional option JSON.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The manifest description and document content are written entirely in Chinese and frame the skill as something that 'must' be used, with no indication that language is user-selectable or that this locale restriction is justified by a region-specific requirement. This creates a natural-language policy concern because it effectively imposes a specific language/locale without opt-in.

Unpinned Dependencies

Low

Category: Supply Chain
Content: "private": true, "type": "module", "dependencies": { "echarts": "^6.0.0", "sharp": "^0.34.5" } }
Confidence: 40% confidence
Finding: "echarts": "^6.0.0"

Unpinned Dependencies

Low

Category: Supply Chain
Content: "type": "module", "dependencies": { "echarts": "^6.0.0", "sharp": "^0.34.5" } }
Confidence: 40% confidence
Finding: "sharp": "^0.34.5"

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal