Back to skill

Security audit

Cloudflare Image Generation (Free)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Cloudflare image-generation tool, with privacy cautions around prompt sharing but no hidden destructive or unrelated behavior found.

Install only if you are comfortable sending image prompts to Cloudflare Workers AI and, when enabled, to the Ollama host you configure. Use a least-privilege Cloudflare token, keep the ACCESS credential file restricted, avoid secrets or confidential text in prompts, and prefer localhost or a trusted private Ollama server.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill allows a caller to set `ollama.host`/`--ollama-host`, and `httpRequest()` will POST the user's prompt to any HTTP or HTTPS endpoint, not just a trusted local Ollama instance. That creates an unintended outbound data exfiltration channel and SSRF-like behavior, especially risky because prompts may contain sensitive user data and the skill's stated purpose is image generation, not arbitrary network transmission.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are overly broad, especially terms like `imagine` and generic image-generation wording that can appear in ordinary conversation. This raises the chance of unintended invocation, which could send user prompts to external providers or consume credentials/resources without the user clearly requesting image generation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The description promotes free image generation and optional prompt enhancement, but it does not clearly warn at the top-level that prompts may be transmitted to Cloudflare and potentially to a remote Ollama host. Users may disclose sensitive or proprietary text believing processing is local, when the skill can forward that data to third-party or network-accessible systems.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.