Xiaohongshu Image Gen

Security checks across malware telemetry and agentic risk

Overview

The image generator mostly does what it claims, but it also bundles an unrelated financial-data API client that uses a separate account token.

Review before installing. The core image-generation behavior appears coherent, but the unrelated Tushare finance helper should be removed or clearly justified. Also understand that prompts may be sent to OpenAI or Stability when those API keys are configured, and only use the local fallback if you trust the separate image-generate skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The fallback path executes another Python script from a workspace location under the user's home directory, which may be writable or replaceable by other local processes or skills. That creates an unintended code-execution trust boundary: invoking this image skill can execute arbitrary code if the referenced script is tampered with.

VirusTotal

64/64 vendors flagged this skill as clean.
