Vpick Ai Image Generator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent VPick image-generation skill that clearly discloses cloud processing, account-token use, stored images, and credit charges.

Install only if you intend to use VPick for cloud image generation. Treat the MCP URL as an account credential, avoid sending sensitive prompts or reference images unless VPick and its model providers are acceptable for that data, and monitor credit usage because generations can spend your VPick balance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill description uses broad triggers like 'generate image', 'create an image', 'AI image', and similar generic phrases that can match many ordinary user requests. This can cause the skill to activate unexpectedly, sending user prompts and possibly reference images to an external third-party service, which increases the risk of unintended data disclosure, cost-incurring actions, and overbroad tool use.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal