Color Convert

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk color conversion and palette helper with no evidence of hidden data access or harmful behavior.

Install if you want a simple local color utility. Be aware it may activate for general color or palette-related requests, but the reviewed behavior is limited to design/color transformations and does not show sensitive access or persistence.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The manifest description includes a broad activation condition in Chinese ('trigger when the user needs color conversion, palette generation, contrast checking, palette generation'), which can cause the skill to activate for loosely related requests. Over-broad triggers are risky because they can hijack unrelated conversations or increase unintended tool invocation, though this particular skill is limited to low-risk color operations and does not expose sensitive capabilities.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal