Image Processor

Security checks across malware telemetry and agentic risk

Overview

This is a local image-processing skill with real file-handling caveats, but no evidence of hidden access, networking, credential use, persistence, or malicious behavior.

Install only if you are comfortable running a local script on image files you choose. Use Pillow for real conversion, always pass --output or work on copies, and do not rely on fallback mode for format conversion because it may only copy and rename the file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
78% confidence
Finding
The documented purpose generally matches image processing, but the finding indicates undocumented behaviors such as directory-wide batch processing and a fallback mode that can relabel or copy files without real conversion. That mismatch is dangerous because users may trust the skill to only transform image contents, while it may instead rename, duplicate, or mass-process files in ways that affect integrity and storage unexpectedly.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
In fallback mode, the script claims format conversion is available but only copies the original bytes to a new filename or extension. This can create mislabeled files that downstream tools may trust incorrectly, causing processing errors, bypass of file-type expectations, or unsafe handling in systems that rely on extension-based validation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The default behavior sets the output path to the input path, so processing can silently overwrite the original image. In an agent skill context, this is more dangerous because automated workflows may invoke the tool on user files without interactive confirmation, leading to irreversible data loss or corruption if processing fails or quality settings degrade the image.

VirusTotal

64/64 vendors flagged this skill as clean.
