Back to skill

Security audit

Product Image Archiver

Security checks across malware telemetry and agentic risk

Overview

The skill is a manual product-image archiver, but it overstates legal/risk checks and can report unverified compliance-style results as if they were validated.

Install only if you treat the generated infringement, license, CMA, and supplier-quality information as unverified placeholders, not compliance evidence. Use trusted product links, review downloaded images manually before business or legal decisions, and pin/audit dependencies before using this in a production workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The code hard-codes infringement/compliance-related fields such as cma_report, image_license, logo_detected, and portrait_detected instead of deriving them from actual analysis or verification. In this skill’s context—claiming '侵权风险标注' and '完整性校验' for archived product images—fabricated safety/compliance metadata can mislead operators into trusting unverified content, creating legal, compliance, and downstream decision-making risk.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The adapter populates compliance- and trust-related fields such as cma_report, image_license, one_piece_drop, and supplier performance metrics with hard-coded values rather than data derived from the source page or a verified backend. In this skill context, those fields could be consumed downstream to make archival, infringement-risk, or sourcing decisions, causing users to trust fabricated compliance signals and potentially mishandle copyrighted or non-compliant product images.

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The implementation only fetches a product page and extracts metadata plus image URLs, but the skill advertises lossless original-image download, infringement-risk marking, and integrity verification. This mismatch is dangerous because downstream users or automation may assume images were actually archived and verified when they were not, leading to false assurance, broken evidence chains, or improper compliance handling.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# 版本:1.0.0

# HTTP 请求
requests>=2.31.0
urllib3>=2.0.0

# 数据处理
Confidence
89% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# HTTP 请求
requests>=2.31.0
urllib3>=2.0.0

# 数据处理
pandas>=2.0.0
Confidence
89% confidence
Finding
urllib3>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
urllib3>=2.0.0

# 数据处理
pandas>=2.0.0
openpyxl>=3.1.0

# 图像处理
Confidence
80% confidence
Finding
pandas>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# 数据处理
pandas>=2.0.0
openpyxl>=3.1.0

# 图像处理
Pillow>=10.0.0
Confidence
84% confidence
Finding
openpyxl>=3.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openpyxl>=3.1.0

# 图像处理
Pillow>=10.0.0

# 环境变量加载
python-dotenv>=1.0.0
Confidence
92% confidence
Finding
Pillow>=10.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
Pillow>=10.0.0

# 环境变量加载
python-dotenv>=1.0.0

# 日志
colorlog>=6.7.0
Confidence
75% confidence
Finding
python-dotenv>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-dotenv>=1.0.0

# 日志
colorlog>=6.7.0
Confidence
72% confidence
Finding
colorlog>=6.7.0

Known Vulnerable Dependency: urllib3 — 10 advisory(ies): CVE-2025-66471 (urllib3 streaming API improperly handles highly compressed data); CVE-2024-37891 (urllib3's Proxy-Authorization request header isn't stripped during cross-origin ); CVE-2026-21441 (Decompression-bomb safeguards bypassed when following HTTP redirects (streaming ) +7 more

High
Category
Supply Chain
Confidence
71% confidence
Finding
urllib3

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
86% confidence
Finding
Pillow

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
61% confidence
Finding
python-dotenv

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.