Security audit

Save Image

Security checks across malware telemetry and agentic risk

Overview

This is mostly a normal media-downloading skill, but it should be reviewed because it points agents toward session-cookie/browser automation for login-gated images without clear user approval or account limits.

Install only if you want an agent to download media from URLs. Use trusted URLs, save into a safe folder, and do not allow the skill to use logged-in browser sessions, cookies, or private account pages unless you explicitly approve the site, account, and file being retrieved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (88% confidence)
Finding:
The skill advertises very broad trigger phrases such as 'download image', 'get this image', and 'any media download from a URL', which increases the chance it will be invoked in situations the user did not specifically intend. Because the skill performs network retrieval and writes files to disk, unintended activation can lead to unexpected external requests, content downloads, and filesystem side effects.

Missing User Warnings

Medium (91% confidence)
Finding:
The skill description emphasizes downloading and saving media but does not warn that it will write files to disk, including examples that save into locations like ~/Downloads. In an agent setting, lack of an explicit warning or consent mechanism can cause unexpected persistence of untrusted remote content, which may create privacy, storage, or safety issues for the user.

VirusTotal

66/66 vendors flagged this skill as clean.