Security audit

Miaoji Model Shot

Security checks across malware telemetry and agentic risk

Overview

This skill drafts fashion shoot plans and AI image prompts, with no evidence of hidden access, persistence, network calls, or destructive behavior.

Install only if you want a fashion product photo-planning helper that creates prompts for third-party image tools. Review generated prompts and any later images for marketplace, brand, likeness, and content-policy compliance before commercial use.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 89% confidence
Finding: The README makes a materially misleading safety/scope claim by stating the skill does not involve image generation or virtual character creation, while elsewhere explicitly advertising prompt generation for Midjourney and Stable Diffusion. This inconsistency can bypass user, platform, or policy scrutiny by disguising an image-generation capability as mere planning/documentation, increasing the risk of misuse or incorrect risk classification.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.