Back to skill

Security audit

Jimeng-Image-Generater

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it generates images through Volcengine Jimeng and can optionally send the result to Feishu, with privacy and credential-handling caveats.

Install only if you are comfortable sending image prompts and reference image URLs to Volcengine and, when using the target option, sending the generated image URL and caption through a local Feishu bridge. Use a dedicated low-privilege Volcengine key where possible, avoid sensitive prompts or private image URLs, and be cautious on shared machines because the helper passes the secret key through a process argument.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation describes networked and shell-based behavior, including calls to Volcengine and optional delivery to Feishu, but does not declare corresponding permissions. This creates a transparency and consent problem: users or hosting platforms may not realize the skill can send prompts, image references, and generated content to external services or execute local shell scripts.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill advertises automatic sending of generated image URLs to a Feishu user, but does not warn that user prompts, reference images, metadata, or generated results may be transmitted to external providers. In practice, this can lead to unintended disclosure of sensitive or proprietary content to Volcengine and Feishu without informed user awareness.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends user-provided prompts and optional reference image URLs to Volcengine, which means potentially sensitive user content is transmitted to a third-party service. In an agent-skill context, this is dangerous when users are not clearly informed that their inputs and referenced media will leave the local environment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
When a target is supplied, the script automatically forwards the generated image URL, caption, and recipient identifier to a local Feishu messaging bridge. This creates an outbound data-sharing path that may surprise users and can leak generated content or metadata to another system without explicit confirmation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script accepts the access key and secret key directly via command-line arguments, which commonly exposes them through shell history, process listings, job control logs, and CI/CD command traces. In a signing utility for cloud API authentication, this meaningfully increases the chance of credential disclosure and unauthorized API use if the host is shared or monitored.

External Transmission

Medium
Category
Data Exfiltration
Content
local payload_hash=$(echo "$auth_info" | head -2 | tail -1)
    local authorization=$(echo "$auth_info" | tail -1)
    
    local response=$(curl -s -X POST "$SUBMIT_URL?$query" \
        -H "Content-Type: application/json" \
        -H "Host: visual.volcengineapi.com" \
        -H "X-Date: $current_date" \
Confidence
90% confidence
Finding
curl -s -X POST "$SUBMIT_URL?$query" \ -H "Content-Type: application/json" \ -H "Host: visual.volcengineapi.com" \ -H "X-Date: $current_date" \ -H "X-Content-SHA256: $p

External Transmission

Medium
Category
Data Exfiltration
Content
local target="$3"
    
    if [ -n "$target" ]; then
        curl -s -X POST "http://localhost:18789/message" \
            -H "Content-Type: application/json" \
            -d "{
                \"action\": \"send\",
Confidence
91% confidence
Finding
curl -s -X POST "http://localhost:18789/message" \ -H "Content-Type: application/json" \ -d

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.