
Security audit

LEGO Pixel Art Generator

Security checks across malware telemetry and agentic risk

Overview

This is a self-contained browser tool for turning an uploaded image into a LEGO-style build guide, with no evidence of network sharing, hidden installs, credentials, or automatic purchases.

Install this if you want a local LEGO pixel-art planner. Use images you are comfortable opening in the embedded page, and manually review the generated material list before buying parts; the skill creates a parts list, not an automatic purchase flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger phrase set includes generic terms like "pixelate," which can match many ordinary image-editing requests unrelated to LEGO art. This can cause the skill to activate unexpectedly, leading to incorrect tool routing or confusing user experiences, though it does not directly create code execution or data exposure risk.

VirusTotal

65/65 vendors flagged this skill as clean.
