Cn Image Watermark

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local image-watermarking tool with a reliability bug in batch mode, but no evidence of hidden access, exfiltration, persistence, or destructive behavior.

Reasonable to install if you need local image watermarking. Review the output path before running batch jobs, avoid pointing batch mode at very broad folders, and expect batch mode to need a bug fix before it works reliably in automation.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The program unconditionally evaluates result["status"] for its exit code, but in batch mode result contains only {"cmd","total","details"} and no top-level status. This causes a runtime KeyError on normal batch execution, producing a denial of service for that code path and making automation that relies on this skill unreliable.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal