Yq Gif Sticker Generator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears to do what it says, but it requires sending user photos through AI media tools and deploying the generated results online without clear opt-in or privacy controls.

Review before installing if you plan to use personal, private, or identifiable images. The skill is not clearly malicious, but it appears to require external AI processing and online deployment of generated outputs without an explicit privacy warning, visibility setting, or skip-deploy option. Use only images you are comfortable having processed by third-party services and potentially exposed through a preview link.

SkillSpector (4)

By NVIDIA

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill processes user-uploaded photos through multiple external tools/services for image understanding, editing, video generation, conversion, and deployment, but it does not clearly warn users that their images will be analyzed and transformed outside a purely local flow. This creates a privacy and consent gap: users may upload sensitive personal photos without understanding how broadly they will be processed.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The skill instructs deployment of generated GIFs and an HTML preview page, but does not warn users that outputs may be published or exposed via an online preview link. If users upload personal photos, this can lead to unintended public exposure of identifiable or sensitive images in transformed form.

Natural-Language Policy Violations

Severity: Medium
Confidence: 87%
Finding: The skill hardcodes Chinese captions/output behavior in the description without offering users a language choice. While not a classic security flaw, it can mislead users about output format and reduce informed consent, especially if text is embedded irreversibly into generated media.

Natural-Language Policy Violations

Severity: Medium
Confidence: 86%
Finding: The skill mandates Chinese caption text and Chinese download guidance in the final output with no user choice. In this context the risk is mainly user deception/usability rather than direct compromise, but it still undermines transparency and user control over generated content.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
