Security audit

NSFW Image Generation — Unrestricted AI Image Models

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed adult image-generation helper whose API key use, network calls, uploads, and downloads match its stated purpose.

Install only if you are comfortable with an adult-content image tool sending your prompts and selected images to Atlas Cloud and spending from your Atlas Cloud account. Use a dedicated low-balance API key, monitor usage, revoke the key when finished, and upload only images you are allowed and willing to send to that provider.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill requires access to environment variables and makes outbound network requests, but it does not declare corresponding permissions in a formal permission model. This creates a transparency and governance gap: users or platforms may not realize the skill can read a billing-linked API key and send prompts/images to a third-party service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.