Back to skill

Security audit

Miaoji Model Shot

Security checks across malware telemetry and agentic risk

Overview

This skill drafts fashion shoot plans and AI image prompts, with no evidence of hidden access, persistence, network calls, or destructive behavior.

Install only if you want a fashion product photo-planning helper that creates prompts for third-party image tools. Review generated prompts and any later images for marketplace, brand, likeness, and content-policy compliance before commercial use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The README makes a materially misleading safety/scope claim by stating the skill does not involve image generation or virtual character creation, while elsewhere explicitly advertising prompt generation for Midjourney and Stable Diffusion. This inconsistency can bypass user, platform, or policy scrutiny by disguising an image-generation capability as mere planning/documentation, increasing the risk of misuse or incorrect risk classification.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.