AISkinX护肤AI助手

Security checks across malware telemetry and agentic risk

Overview

This skill does not show data theft or destructive behavior, but its privacy and path-safety promises are not reliably enforced in the shipped runtime.

Install only after review or in a constrained environment. Do not rely on its claims of strict path restriction or URL rejection until the broken imports and validation logic are fixed, and treat any skin photos or consultation text as sensitive local data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (21)

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The code and docstring claim that URLs are explicitly rejected, but `_is_url()` only matches `ftp://`, `www.`, and bare domain-like strings. Common `http://` and `https://` URLs are not detected, so such inputs can bypass the URL rejection logic and be misclassified as file paths or other input types. In a security-sensitive validator, this creates a mismatch between promised and actual behavior and can enable unintended remote resource handling in downstream consumers that trust this validation result.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill documents backup/restore and report/history saving features but does not clearly warn that these operations write local files, may overwrite existing data, or may persist sensitive user content. In a privacy-sensitive skincare context, silent persistence can expose personal images, consultation records, and generated reports to other local users or later unintended access.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The chat history and progress-tracking features imply local retention of potentially sensitive consultation content, but the documentation does not warn users that personal skincare disclosures may be stored. Because health-adjacent and image-related discussions can contain sensitive personal data, undocumented retention increases privacy and confidentiality risk.

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 版本要求基于Python 3.8+ # 核心依赖 Flask>=2.3.0 Werkzeug>=2.3.0 Jinja2>=3.1.0
Confidence: 95% confidence
Finding: Flask>=2.3.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 核心依赖 Flask>=2.3.0 Werkzeug>=2.3.0 Jinja2>=3.1.0 # 图像处理
Confidence: 95% confidence
Finding: Werkzeug>=2.3.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 核心依赖 Flask>=2.3.0 Werkzeug>=2.3.0 Jinja2>=3.1.0 # 图像处理 Pillow>=10.0.0
Confidence: 94% confidence
Finding: Jinja2>=3.1.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: Jinja2>=3.1.0 # 图像处理 Pillow>=10.0.0 opencv-python>=4.8.0 numpy>=1.24.0
Confidence: 93% confidence
Finding: Pillow>=10.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 图像处理 Pillow>=10.0.0 opencv-python>=4.8.0 numpy>=1.24.0 # 数据处理
Confidence: 93% confidence
Finding: opencv-python>=4.8.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 图像处理 Pillow>=10.0.0 opencv-python>=4.8.0 numpy>=1.24.0 # 数据处理 pandas>=2.0.0
Confidence: 92% confidence
Finding: numpy>=1.24.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: numpy>=1.24.0 # 数据处理 pandas>=2.0.0 scikit-learn>=1.3.0 scipy>=1.11.0
Confidence: 91% confidence
Finding: pandas>=2.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 数据处理 pandas>=2.0.0 scikit-learn>=1.3.0 scipy>=1.11.0 # AI/机器学习
Confidence: 92% confidence
Finding: scikit-learn>=1.3.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 数据处理 pandas>=2.0.0 scikit-learn>=1.3.0 scipy>=1.11.0 # AI/机器学习 torch>=2.0.0
Confidence: 90% confidence
Finding: scipy>=1.11.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: scipy>=1.11.0 # AI/机器学习 torch>=2.0.0 torchvision>=0.15.0 tensorflow>=2.13.0 # 可选，用于某些高级功能
Confidence: 93% confidence
Finding: torch>=2.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # AI/机器学习 torch>=2.0.0 torchvision>=0.15.0 tensorflow>=2.13.0 # 可选，用于某些高级功能 # Web和API
Confidence: 90% confidence
Finding: torchvision>=0.15.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: tensorflow>=2.13.0 # 可选，用于某些高级功能 # Web和API requests>=2.31.0 aiohttp>=3.8.0 websockets>=12.0
Confidence: 94% confidence
Finding: requests>=2.31.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # Web和API requests>=2.31.0 aiohttp>=3.8.0 websockets>=12.0 # 工具和工具类
Confidence: 94% confidence
Finding: aiohttp>=3.8.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # Web和API requests>=2.31.0 aiohttp>=3.8.0 websockets>=12.0 # 工具和工具类 python-dotenv>=1.0.0
Confidence: 93% confidence
Finding: websockets>=12.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: websockets>=12.0 # 工具和工具类 python-dotenv>=1.0.0 pyyaml>=6.0 colorama>=0.4.0 tqdm>=4.65.0
Confidence: 88% confidence
Finding: python-dotenv>=1.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 工具和工具类 python-dotenv>=1.0.0 pyyaml>=6.0 colorama>=0.4.0 tqdm>=4.65.0
Confidence: 94% confidence
Finding: pyyaml>=6.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 工具和工具类 python-dotenv>=1.0.0 pyyaml>=6.0 colorama>=0.4.0 tqdm>=4.65.0 # 测试和开发
Confidence: 84% confidence
Finding: colorama>=0.4.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: python-dotenv>=1.0.0 pyyaml>=6.0 colorama>=0.4.0 tqdm>=4.65.0 # 测试和开发 pytest>=7.4.0
Confidence: 87% confidence
Finding: tqdm>=4.65.0

VirusTotal

No VirusTotal findings

View on VirusTotal