Back to skill

Security audit

1688图片下载器

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it helps open Taobao/1688 product pages and save product images locally, with no evidence of hidden or unrelated behavior.

Before installing, be aware it will browse third-party shopping sites and save downloaded images to local/shared folders. Use a clean browser profile if you do not want shopping-site cookies or logged-in sessions involved, and choose a non-shared output directory if the images should stay private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill instructs saving downloaded images to local storage but does not clearly warn the user about filesystem modifications. Silent local writes can create privacy, storage, and persistence risks, especially when product names are used in directory names and files are stored in a shared or persistent location. The skill context makes this somewhat less suspicious because downloading images inherently requires saving them, but the lack of disclosure still creates a real safety issue.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill directs the agent to open external e-commerce pages with a browser profile and download images over the network without a clear privacy or network activity warning. This can expose session state, cookies, referer data, and browsing context, especially since the instructions explicitly rely on a persistent browser profile and anti-hotlinking headers. In this skill’s context, browser/network access is expected, but the absence of disclosure and consent makes the behavior materially riskier.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.