ai-kujiale-design

Security checks across malware telemetry and agentic risk

Overview

This interior-design skill is broadly purpose-aligned, but it handles a Kujiale account token and local uploads in ways users should review before installing.

Install only if you trust the publisher and are comfortable giving this skill a Kujiale token that can create designs, upload floor-plan images, run layout/render jobs, and use account quota. Keep the token out of shared workspaces, avoid pasting real tokens into logs or chats, rotate it if exposed, and confirm the exact local image path before any upload.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Vague Triggers

Medium (89% confidence)
The trigger condition activates on any user mention of interior or renovation design, which is broad enough to invoke the skill unexpectedly in ordinary conversation. Because the skill can lead to credential use, file monitoring, uploads, and paid/consumptive API actions, over-triggering increases the chance of unintended external calls or account quota consumption without clear user intent.

Missing User Warnings

Medium (95% confidence)
The skill instructs users to store an access token in a local JSON file and read it before every script call, but it provides no guidance on file permissions, secret redaction, rotation, or avoiding accidental exposure. In an agent environment, local plaintext credentials can be leaked through logs, debugging output, workspace sharing, backups, or other skills/tools with filesystem access.

Missing User Warnings

Medium (89% confidence)
The documentation describes behavior where an arbitrary floor-plan ID can be used and, if it belongs to another user, the system will copy that floor plan into the current user's account and advance it to the design stage, but it does not prominently warn users about this cross-account copying and state-changing effect. In a design skill, this is risky because an agent could trigger unintended duplication, ownership confusion, or unauthorized handling of another user's project data if users are not clearly informed and explicit authorization checks are not enforced.

Missing User Warnings

Medium (94% confidence)
The documentation explicitly requires an access_token as a query parameter but provides no warning that it is a sensitive credential, no guidance against logging or sharing it, and no safer handling recommendations. In agent or integration environments, this increases the chance that tokens are pasted into chats, stored in logs, embedded in URLs, or exposed through referrers and monitoring systems, leading to unauthorized API access.

Missing User Warnings

Medium (96% confidence)
The documentation explicitly requires an access_token to be sent as a URL query parameter. Query parameters are commonly exposed in browser history, server/access logs, reverse proxies, analytics systems, referrer headers, and debugging output, which increases the chance of credential leakage even when HTTPS is used. In this skill context, API docs are likely to be copied directly into implementations, so the insecure pattern is likely to propagate into real integrations.

Missing User Warnings

Medium (94% confidence)
The skill explicitly instructs the agent to read a local file, compute metadata such as filename, size, and MD5, and upload the content to a remote OUS service, but it does not require clear user-facing notice or consent at the point of transfer. This creates a real data exfiltration risk because users may not understand that local file contents and associated metadata will leave the local environment and be sent to an external service.

Missing User Warnings

Medium (93% confidence)
The documentation instructs callers to send an access_token as a query parameter, which is an unsafe credential-handling pattern because query strings are commonly logged by servers, proxies, analytics tools, browser history, and monitoring systems. Even over HTTPS, placing bearer-style tokens in URLs increases accidental exposure risk and can lead to unauthorized API access if logs or links are disclosed.

Missing User Warnings

Medium (96% confidence)
The script places the access token in the request URL query string, which can leak through shell history, process listings, proxy logs, server access logs, crash reports, and monitoring systems even when HTTPS is used. In this skill context, the token appears to authorize design-creation API actions, so exposure could let another party invoke the API as the user or access related account capabilities.

Missing User Warnings

Medium (97% confidence)
The script places the access token in the URL query string, which can be exposed through logs, browser/history equivalents, proxy logs, monitoring systems, and upstream infrastructure even when HTTPS is used. In this skill context, the token appears to authorize access to design-related APIs, so leakage could allow unauthorized access to user/project data or misuse of the API until the token expires or is revoked.

Missing User Warnings

Medium (95% confidence)
The script places the OAuth access token in the URL query string when calling the remote API. Even over HTTPS, query strings are commonly exposed in logs, shell history, proxy/CDN records, monitoring tools, and error traces, which increases the chance of credential leakage and unintended reuse of the token.

Missing User Warnings

Medium (95% confidence)
The script places the access token in the URL query string, which is commonly captured by logs, proxies, browser/history equivalents, process monitoring, and upstream telemetry. Even though the request uses HTTPS, query parameters are still more likely to be exposed than headers or body fields, making credential leakage more probable.

Missing User Warnings

Medium (96% confidence)
The script places the access token in the request URL as a query parameter. Even over HTTPS, query strings are commonly exposed in logs, proxy records, shell history, debugging output, and monitoring systems, which increases the chance of credential leakage and subsequent unauthorized API access.

Missing User Warnings

Medium (96% confidence)
The access token is sent in the URL query string, which is commonly captured by logs, proxies, browser history, monitoring tools, and upstream infrastructure even over HTTPS. In this skill context, the token authorizes design and account-related API access, so leakage could allow unauthorized API calls against the user's Kujiale resources.

VirusTotal

64/64 vendors flagged this skill as clean.