Security audit

AI Image Generator

Security checks across malware telemetry and agentic risk

Overview

The plugin does what it claims, but it handles API keys and sends/logs image prompts in ways users should review before installing.

Install only if you trust the publisher and the configured image API endpoint. Prefer entering the API key through a sensitive configuration UI instead of a slash command, avoid sending confidential prompts, and review or change the default baseUrl before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 79%
Finding
The skill explicitly depends on a third-party image API and instructs the assistant to make outbound requests, but no corresponding permission declaration is present. This creates a transparency and policy-enforcement gap: users or the host platform may not realize the skill can send prompts and metadata off-box to an external service.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding
The documented behavior says the skill generates images, but the analyzed behavior also includes collecting/persisting an API key and communicating with a specific external endpoint not disclosed in the description. That mismatch is dangerous because it hides sensitive-data handling and outbound transmission from users and reviewers, undermining informed consent and making secret exposure or misuse harder to detect.

Vague Triggers

Severity: Medium
Confidence: 76%
Finding
The trigger guidance allows activation when a user merely provides a description of a scene or concept and wants a visual representation, which is broad enough to capture ordinary conversation. Over-broad invocation can cause unintended external API calls, unnecessary prompt exfiltration to third parties, and surprise costs or side effects for the user.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
Generic trigger phrases like 'draw something' and broad multilingual variants increase the chance that the skill is invoked unintentionally in contexts where the user did not mean to call an external image service. In this skill's context, accidental invocation is more concerning because prompts are sent to a third-party API and may incur charges or leak sensitive content.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The plugin sends the user's prompt to a third-party image-generation endpoint without any explicit user-facing disclosure at the point of use. Prompts can contain sensitive personal, business, or confidential information, so silent external transmission creates a privacy and data-handling risk, especially because the endpoint is not obviously a major public image provider and defaults to a specific remote service.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The manifest explicitly instructs users to supply an API key directly in a slash command (`/set_image_key <your-api-key>`), which encourages secret entry through conversational or command channels that may be logged, echoed, stored in history, or exposed to other components. In a plugin ecosystem, this is especially risky because users may not understand whether command input is treated as sensitive, making accidental credential disclosure plausible.

VirusTotal

65/65 vendors flagged this plugin as clean.