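Generate images with the Volcengine Doubao model.

Creates images through the Volcengine Doubao image-generation API. Supports custom prompts, sizes, models, and other parameters.

## Environment variables

- VOLCENGINE_IMAGE_API_KEY - Doubao API key (required)

## Usage

生图:一只可爱的小猫 ("Generate image: a cute kitten")

## Supported sizes

1024x1024, 1280x720, 720x1280, 1024x768, 768x1024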

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Doubao image-generation skill, with disclosed API-key use and local image saving, though its hard-coded output path should be checked before use.

Install only if you are comfortable sending prompts and generation settings to Volcengine using your own API key, and having generated images written locally. Before use, review or change the hard-coded output directory because it currently targets a specific Windows user path rather than a portable, user-selected folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation indicates access to an environment variable and outbound network use, but it does not declare those capabilities explicitly. Undeclared sensitive capabilities reduce transparency and prevent users or policy systems from making informed trust decisions, especially because the skill handles an API key and contacts an external service.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The stated purpose focuses on image generation via an API, but the skill also automatically downloads and writes generated content to a local filesystem path. This mismatch matters because file writes create persistence, consume disk space, and may expose users to unintended local data handling that they were not clearly told about up front.

Description-Behavior Mismatch

Medium
Confidence
77% confidence
Finding
The skill description says it generates images via API, but the script also performs a second action: downloading the returned image and saving it locally. This hidden side effect increases capability beyond the stated purpose and can surprise users, especially in an agent environment where local filesystem writes may have privacy or policy implications.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The script writes files to a hard-coded user-specific workspace path without validating that this location is appropriate for the runtime environment or expected by the user. In agent contexts, fixed local writes can create unintended persistence, overwrite risks, and data placement outside approved directories.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The invocation example uses a broad natural-language trigger ('生图:...') without clear activation boundaries or scoping rules. Overly generic triggers can cause accidental invocation in ordinary conversation, leading to unexpected API calls, secret use, or file generation without deliberate user intent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill notes that images are saved to disk, but the description lacks a prominent user warning that generated files are automatically written locally. Missing this warning undermines informed consent and can lead to unanticipated storage of sensitive or policy-restricted content on the user's device.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script downloads and stores content automatically without warning, confirmation, or an explicit save parameter. Silent persistence is risky in assistant/agent workflows because users may believe they are only invoking remote image generation, not causing local file writes.

VirusTotal

66/66 vendors flagged this skill as clean.
