apiyi-gpt-image-2-all-gen (based on the APIYI proxy site) - official reverse-engineered edition

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed APIYI image-generation helper; it sends prompts and selected images to a remote paid API, but that behavior matches its purpose.

Install only if you trust this publisher and APIYI with your API key, prompts, and any images you choose to edit. Prefer APIYI_API_KEY over passing keys on the command line, avoid private or sensitive images unless APIYI's terms are acceptable, and remember generated URL outputs may be temporary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The script sends user prompts and optional local image contents to a third-party remote API, but the CLI flow does not provide a clear, explicit disclosure or confirmation at the point of use. In a skill context, users may supply sensitive prompts or private images without realizing they are being transmitted off-host, creating privacy and data-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.