iBlipper Expressive Typography - Remember reading is automatic!

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but its bundled URL helper script can execute local commands when it is given a specially crafted message.

Review before installing. Basic link generation is aligned with the skill's stated purpose, but avoid running scripts/iblipper.sh on untrusted or copied message text until the encoder is fixed to pass the text to Python as an argument or via stdin rather than interpolating it into the command line. Also avoid putting sensitive text in generated links, because recipients load an external GitHub Pages renderer, and verify any downloaded GIF before sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Severity: Low
Confidence: 98%
Finding
The script interpolates the user-controlled MESSAGE value directly into a Python one-liner inside double quotes, so Bash expands shell command substitution such as $(...) before Python ever runs. A crafted message can therefore lead to arbitrary command execution on the host, which makes this substantially more severe than a mere undisclosed subprocess invocation.

VirusTotal

66/66 vendors flagged this skill as clean.
