Back to skill

Security audit

实用工具匣

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local image-processing skill; it downloads dependencies and OCR/background-removal models, but I found no evidence of hidden data theft, destructive behavior, or purpose-mismatched actions.

Install only if you are comfortable allowing Python scripts to process local images, install unpinned Python packages, and download OCR/background-removal model files on first use. Use a virtual environment if possible, review output paths before running, and avoid using watermark removal on content you are not authorized to modify.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to auto-install Python dependencies when missing, and the allowed tools include pip execution. Automatic package installation expands the skill from image processing into code and supply-chain execution, which can introduce malicious or compromised packages, unexpected network access, and environment modification without clear user approval.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The code initializes EasyOCR in a way that can trigger an automatic model download on first run, creating undeclared network behavior in a tool presented as a local image-processing utility. This increases supply-chain and privacy risk because execution may contact external servers unexpectedly and can fail or behave differently depending on network availability and remote content.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
A one-stop image utility is expected to operate on local files, but this OCR path can perform network-capable model fetching without an explicit user opt-in. In the context of a general-purpose utility skill, that hidden external dependency makes the behavior more dangerous because users may process sensitive images under the assumption that everything stays local.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger conditions are broad enough that ordinary mention of terms like OCR, compression, watermark, or ID photo can activate the skill. Overbroad activation increases the chance of the agent invoking file-processing scripts and write/install capabilities in contexts where the user did not actually intend to use this skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.