Security audit

Story Cover

Security checks across malware telemetry and agentic risk

Overview

This skill's behavior is consistent with its stated purpose of generating novel cover images, and its external API use is expected and disclosed.

Install only if you are comfortable sending book titles, author names, prompts, and any chosen reference image to OpenAI or the configured compatible proxy. Keep GPT_IMAGE_BASE_URL pointed at a trusted endpoint, avoid sensitive reference images, and set BOOK_DIR to a directory where generated covers and prompt copies may be saved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger list includes broad natural-language phrases such as '生成封面图' and '封面设计' that can plausibly appear in ordinary conversation, causing the skill to activate unintentionally. In a skill that can send prompts and optional reference images to external services, accidental activation increases the chance of unintended data transmission or actions without clear user intent.

External Transmission

Medium
Category
Data Exfiltration
Content
--arg s "$SIZE" \
  '{model:$m, prompt:$p, size:$s}')

curl -fsS --max-time 180 --retry 2 --retry-delay 5 \
  "$BASE_URL/images/generations" \
  -H "Authorization: Bearer $GPT_IMAGE_API_KEY" \
  -H "Content-Type: application/json" \
Confidence: 96%
Finding
curl -fsS --max-time 180 --retry 2 --retry-delay 5 \
  "$BASE_URL/images/generations" \
  -H "Authorization: Bearer $GPT_IMAGE_API_KEY" \
  -H "Content-Type: application/json" \
  -d

Chaining Abuse

High
Category
Tool Misuse
Content
OUT="$BOOK_DIR/封面/封面_v${i}.png"
RESP=$(mktemp)
REF_TMP=""
trap '[ -n "$REF_TMP" ] && rm -f "$REF_TMP"; rm -f "$RESP"' EXIT

# A URL reference is first downloaded to a temporary file; a local path is used directly. Use bare mktemp so macOS and Linux behave the same.
case "$REF_IMAGE" in
Confidence: 75%
Finding
&& rm -

Chaining Abuse

High
Category
Tool Misuse
Content
OUT="$BOOK_DIR/封面/封面_v${i}.png"
RESP=$(mktemp)
REF_TMP=""
trap '[ -n "$REF_TMP" ] && rm -f "$REF_TMP"; rm -f "$RESP"' EXIT

# A URL reference is first downloaded to a temporary file; a local path is used directly. Use bare mktemp so macOS and Linux behave the same.
case "$REF_IMAGE" in
Confidence: 75%
Finding
; rm -

VirusTotal

63/63 vendors flagged this skill as clean.
