cloudflare-media

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Cloudflare media-generation skill, with some privacy and token-handling caveats users should understand before use.

Install only if you intend to use Cloudflare Workers AI. Prefer a dedicated config or secret store with a least-privileged Cloudflare token, avoid putting tokens in MEMORY.md, and do not submit private prompts, text, or images unless you are comfortable sending them to Cloudflare and potentially incurring API charges.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 93%
Finding:
The trigger phrases include very generic terms like “读出来” and “帮我画,” which can overlap with ordinary user requests and cause the skill to activate unexpectedly. Because the skill can read credentials and transmit user content to external Cloudflare AI services, accidental activation increases the chance of unintended data disclosure or unintended paid API usage.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The skill documentation does not clearly warn that prompts, text, and potentially images are transmitted to third-party Cloudflare AI endpoints. Users may provide sensitive data under the assumption processing is local, creating a privacy and consent risk when content is sent off-platform.

VirusTotal

65/65 vendors flagged this skill as clean.