Drawthings Agent
Security checks across malware telemetry and agentic risk
Overview
This image-generation skill is coherent, but it tells the agent to install an unpinned global npm package without an explicit approval step.
Review before installing. Use this skill only if you trust the @mijuu/drawthings npm package and are comfortable with a global npm install, local Draw Things configuration changes, and potentially long-running image generation jobs. Prefer approving the install manually or pinning a known package version.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.