Back to skill

Security audit

Photo to 3D

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: convert a user-selected image into a 3D model using Gemini and Tripo3D.

Install only if you are comfortable sending chosen images to Gemini and Tripo3D and using your API quota with those services. Avoid private, sensitive, confidential, or rights-restricted images unless you have reviewed the providers' policies, and use dedicated API keys where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'model_url' from requests.get (line 179, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
model_url = status_data.get("output", {}).get("model", "")
            if model_url:
                output_path = OUTPUT_DIR / f"{img_path.stem}_model.glb"
                model_resp = requests.get(model_url, timeout=120)
                output_path.write_bytes(model_resp.content)
                print(f"  📦 模型已保存: {output_path}")
                return str(output_path)
Confidence
89% confidence
Finding
model_resp = requests.get(model_url, timeout=120)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger list includes generic phrases such as "generate 3D" and "convert to 3D model," which can match many unrelated user requests and cause unintended invocation. In this skill, accidental activation is more concerning because the workflow uploads user-provided images to third-party APIs and produces output files, so a broad trigger can lead to unexpected external data sharing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description explains the image-to-3D pipeline but does not warn that uploaded images are sent to external AI providers, specifically Gemini and Tripo3D. This creates a privacy and consent risk because users may provide sensitive or proprietary images without realizing they will leave the local environment and be processed by third-party services.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill transmits the user's image to external services (Gemini and later Tripo3D) but does not present an explicit warning or consent mechanism in the code path. Because photos may contain faces, documents, locations, or other sensitive information, silent third-party upload creates a real privacy and compliance risk in this skill's context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.