Miaoji Scene Studio Pro

Security checks across malware telemetry and agentic risk

Overview

This is a self-contained visual strategy skill with no evidence of credential use, network access, persistence, or destructive behavior.

Reasonable to install for marketplace visual planning. Review generated prompts before commercial use, especially any demographic assumptions, and note the minor packaging metadata inconsistencies.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 86% confidence
Finding: The generated prompt hard-codes a demographic attribute ('Asian female model') without user opt-in, which can embed bias, create discriminatory outputs, and produce inappropriate or policy-violating content in downstream image generation systems. While this is not a classic code-execution issue, the skill context makes it more concerning because it directly shapes generated creative assets at scale and may systematically enforce sensitive-attribute defaults.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal