Security audit

Ai Reviewer

Security checks across malware telemetry and agentic risk

Overview

This skill says it reviews image quality, but its code appears to approve images without actually checking their content.

Install only if you treat this as a placeholder or report template, not as a real image-quality gate. Do not rely on it to approve product images, compliance checks, or delivery decisions until the publisher implements actual image analysis and clearly documents the limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 72%
Finding:
The skill declares no dependencies or permissions, yet the content references local files and writable artifacts such as config and memory paths, which is consistent with undeclared file read/write behavior. This creates a trust gap: operators may install or invoke the skill believing it is metadata-only, while the implementation can access or modify local data without explicit disclosure.

Intent-Code Divergence

Medium
Confidence: 97%
Finding:
The skill presents itself as performing image quality inspection, but `_check_item` always returns a hardcoded good score and never analyzes the supplied image or brief. This creates a deceptive approval workflow where low-quality or malformed outputs will be marked as acceptable, undermining downstream decisions and any safety or quality gate that relies on this reviewer.

Vague Triggers

Medium
Confidence: 84%
Finding:
The natural-language trigger phrase is generic enough to match ordinary user requests about reviewing images, which can cause the skill to activate unintentionally. Unexpected activation increases the chance of unintended file access, data processing, or workflow interference, especially in agent environments where skills may chain automatically.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.