virtual-tryon-scorer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent virtual try-on image scoring skill with no code execution, persistence, credential use, or hidden data flow.

Install this if you want an agent to score virtual try-on results from images you provide. Be aware it may activate on broad outfit-change evaluation requests and its report format is fixed in Chinese; avoid using sensitive personal images unless you intend them to be analyzed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger conditions are broad enough to activate on general clothing-image or outfit-change discussions that are not actually virtual try-on evaluation requests. This can cause unintended skill invocation, leading the agent to process unrelated user content, produce irrelevant judgments, or mishandle images in contexts where specialized scoring is inappropriate.

Natural-Language Policy Violations

Medium
Confidence: 76%
Finding
Mandating a Chinese-only output format without language negotiation can create reliability and usability failures, especially for users operating in other languages or downstream systems expecting a different locale. While not a classic security flaw, it can cause incorrect handling, miscommunication, and policy bypass in multi-language environments where precise interpretation matters.

VirusTotal

65/65 vendors flagged this skill as clean.