Dataify Google Lens

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Dataify Google Lens helper that asks for confirmation before sending image-search parameters to the Dataify API.

Install only if you intend to use Dataify for Google Lens lookups. Before confirming a call, review the preview table carefully because the image URL and selected search parameters will be sent to Dataify with your API token.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The script sends user-supplied image URLs, search queries, and an authorization token to an external third-party service, but it does not clearly warn the user at execution time that their data is being transmitted off-box. In a skill/agent setting, this can cause unintended disclosure of sensitive image references, query content, or credentials when users may assume processing is local.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal