Logo Design Guide

Security checks across malware telemetry and agentic risk

Overview

This is a coherent logo-design skill that uses a disclosed external image-generation CLI, with normal installation, billing, and privacy cautions for that workflow.

Before installing, review the inference.sh installer or use the manual checksum path, confirm you trust the provider and its billing/data policies, and avoid sending confidential brand assets or unreleased designs unless you are comfortable uploading them to external image-generation services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The quick-start example instructs users to fetch and execute a remote install script and immediately use a networked CLI, but it does not clearly warn that commands contact external services and may transmit prompts or account-linked data. Even with an install note about checksums, piping a remote script to shell increases supply-chain and user-consent risk because users may execute unreviewed code from the network.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The upscaling example references a local image path and sends that file to an external service without an explicit user-facing warning. This can lead users to upload proprietary, confidential, or otherwise sensitive design assets without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal