shortart image generator (image generation)

Security checks across malware telemetry and agentic risk

Overview

This ShortArt image skill mostly does what it claims, but its API-key handling and download path need review before installation.

Install only if you are comfortable sending prompts and chosen images to ShortArt. Do not run the documented echo command for the API key, avoid sensitive images unless ShortArt's terms fit your needs, and treat download mode cautiously until downloads validate trusted ShortArt hosts before sending Authorization headers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes Python with the requests dependency and requires an API key, which implies outbound network access and use of sensitive environment data, but it does not explicitly declare corresponding permissions. That weakens the trust boundary for users and platforms because the skill can transmit prompts and possibly user-supplied images to an external service without a clearly declared capability model.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill writes downloaded images directly into the user's local Downloads directory, creating a side effect outside the stated image-generation scope. Even though the files are expected outputs, silently persisting them to a common user directory can surprise users, confound expectations about where data is stored, and increase risk if untrusted remote content is downloaded.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The README explicitly instructs users to provide local file paths and download generated images, but it gives no warning that local images may be uploaded to a third-party service or that downloaded files will be written to the local filesystem. In an agent skill context, this can mislead users into exposing sensitive local images or accepting filesystem writes without understanding the privacy implications.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The top-level trigger list contains broad phrases such as 'draw', 'visualize', and generic image-related requests that can match ordinary conversation too aggressively. Overbroad activation can cause unintended routing to this skill, leading to unnecessary third-party data disclosure or execution of code paths the user did not explicitly intend.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Mode 1 repeats ambiguous triggers like 'create image' and 'draw' without constraints or disambiguation rules. In context, this is more dangerous because the skill is a router to an external image service, so a false activation may send user text or reference images off-platform unexpectedly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documentation explains authentication and setup but does not clearly warn that user prompts and potentially uploaded/reference images will be transmitted to the third-party ShortArt service. This undermines informed consent and can expose sensitive business, personal, or proprietary content to an external processor.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs the agent to upload local image files to ShortArt, but it does not require an explicit notice that user-provided local files will be transmitted to a third-party service. In an agent setting, this can cause unintended exfiltration of sensitive images or metadata if users believe processing is local or do not understand the external transfer.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The file requires a SHORTART_API_KEY and instructs users to place it in their shell environment, but it does not include guidance about safe credential handling or clearly warn that the workflow uses an external API. This increases the risk of accidental secret exposure, misuse in shared environments, or user misunderstanding about where requests and data are sent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to submit prompts and optionally upload local images to ShortArt AI, but it does not clearly disclose that this data will be transmitted to a third-party external service. This creates a privacy and data-handling risk because users may provide sensitive text or images without informed consent, especially in image-to-image mode where local files are explicitly uploaded.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The client uploads user-supplied image data directly to ShortArt's remote OSS endpoint, but the code contains no consent, disclosure, or guardrails around that transfer. In an agent-skill context, users may provide local file paths, raw bytes, or base64 images without realizing their content will be transmitted to a third-party service, creating a privacy and data-handling risk even if this is the expected product behavior.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The download path and behavior are not clearly disclosed in the function contract, yet the code saves remote content to ~/Downloads automatically. This is risky because the skill fetches URLs from a result JSON object and persists them locally without an explicit warning, making the local side effect less transparent and easier to misuse.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The download helper writes remote image content directly into the user's Downloads folder without any explicit confirmation, opt-in path selection, or safety boundary. In an agent setting, this creates an unexpected filesystem side effect from untrusted remote input and could be abused to clutter storage, confound user expectations about where files appear, or facilitate delivery of unsafe content to a commonly accessed location.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The download path writes files directly into the user's ~/Downloads directory based solely on a supplied result JSON blob, with no explicit consent or confirmation in the write path. In an agent setting, this can cause unexpected file writes and can be combined with attacker-controlled URLs to silently fetch and persist arbitrary remote content on the local system.

VirusTotal

64/64 vendors flagged this skill as clean.
