Security audit

ai-photo-pro

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward cloud image-generation skill, but users should understand that prompts go to NVIDIA or SiliconFlow and API keys are stored locally in plaintext.

Install only if you are comfortable sending prompts to NVIDIA or SiliconFlow and storing those provider API keys in a local plaintext config.json. Avoid sensitive personal, business, or regulated content in prompts, and use restrictive filesystem permissions or adapt the scripts to read keys from environment variables or a secret store on shared machines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation describes network access, local file writes, and likely local file reads for config handling, but it declares no permissions. This creates a transparency and policy-enforcement gap: users and the host agent may not understand that prompts and API keys will be used for outbound requests and that files will be written locally.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Using broad trigger language such as “或类似表达” (“or similar expressions”) makes activation boundaries ambiguous and can cause the skill to run on loosely related user requests. In this skill, unintended activation is more significant because execution can initiate external network requests and local file writes, increasing the chance of unanticipated data exposure or side effects.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation states that generated images are saved to a fixed local path, but it does not clearly warn users that invoking the skill causes persistent file creation. Undisclosed file writes can surprise users, consume disk space, and create privacy or cleanup issues if generated content remains on the system.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill asks users to configure third-party API keys but does not clearly disclose that prompts and related data will be sent to external image-generation services using those credentials. This is dangerous because users may provide sensitive prompts under the mistaken assumption that processing is local, leading to unintended third-party data disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script prompts for API keys and stores them directly in a local config.json file in plaintext, with no encryption, permission hardening, or warning to the user. If the working directory is accessible to other local users, accidentally committed to source control, or included in logs/backups, the keys can be stolen and abused against the upstream image-generation APIs.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
User-supplied prompts are sent to an external image-generation API without any explicit notice, consent flow, or data-classification guardrails. In an agent skill context, users may provide sensitive or proprietary text assuming it stays local, so silent outbound transmission creates a privacy and compliance risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends user-supplied prompts and optional negative prompts to a third-party remote API without any explicit disclosure or consent mechanism. In an agent setting, prompts may contain sensitive user data, so silent transmission to an external service creates a real privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.