Svg Cover Generator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SVG cover-generation skill with user-directed file output and a small local SVG validator, with no evidence of hidden data access or unsafe behavior.

Safe to install for generating SVG covers. When asking it to save output, choose the destination path deliberately and avoid overwriting important files; the optional validator runs locally against the SVG file you specify.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 76% confidence
Finding: The skill instructs writing output to a user-requested path without any guardrails on where that path may point. In an agentic environment, this can enable overwriting arbitrary files, clobbering existing project assets, or writing into sensitive locations if the agent has filesystem access. The design context makes this somewhat less dangerous than a shell-execution skill, but it is still a real file-modification risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal