Story Cover

Security checks across malware telemetry and agentic risk

Overview

This is a coherent novel-cover generator that uses an image API and saves cover files locally, with no evidence of hidden or destructive behavior.

Install only if you are comfortable providing GPT_IMAGE_API_KEY and sending book titles, author names, prompts, and any optional reference image to the configured image-generation endpoint. Set BOOK_DIR to a directory you control, and confirm generation before running it if the skill is invoked by a broad phrase like '封面设计'.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list includes broad natural-language phrases such as '生成封面图' and '封面设计', which can cause accidental invocation during ordinary conversation. In an agent environment, unintended activation can lead to unexpected API calls, file writes, and use of sensitive environment-backed credentials without the user explicitly intending to run the skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal