混元生3D模型能力

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Tencent Hunyuan 3D helper that sends user-provided prompts or image URLs to Tencent and saves returned model files locally.

Install only if you intend to use Tencent Hunyuan 3D with your own API key. Avoid submitting secrets, confidential prompts, private image URLs, or regulated content, and treat returned model files as downloaded internet content before opening them in other tools.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 80% confidence
Finding: The script automatically downloads remote content from a URL returned by the API and writes it to disk without validating the destination content type, size, or trust boundary, and without an explicit opt-in warning at the download step. In this skill context, downloading generated model artifacts is expected, but if the upstream service or response is compromised, users may save unexpected or malicious files locally.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal