OpenCV

Security checks across malware telemetry and agentic risk

Overview

This OpenCV skill is coherent and purpose-aligned, but users should limit mapped folders and verify the downloaded WASM component before running it.

Install only if you trust the source of the OpenCV WASM file. Map a dedicated image working folder rather than a home or project root directory, avoid mapping sensitive files, and verify outputs before overwriting originals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 92% confidence

Finding: The trigger section is very broad and covers many common image-processing, ML, and batch operations without clear activation boundaries, exclusions, or safety conditions. In an agentic system, this can cause over-invocation of the skill in contexts where filesystem exposure or sandboxed WASM execution is unnecessary, increasing the attack surface and the chance that untrusted user inputs are routed into powerful file-processing workflows.

Missing User Warnings

Medium, 95% confidence

Finding: The documentation explicitly tells users to use workDir or mapDir to expose directories to the sandbox, but it does not warn that this grants the WASM component access to host files within those mapped paths. Because the WASM binary is downloaded separately and then run against user-specified operations and inputs, omission of this warning can lead to overly broad directory exposure, unintended data access, and leakage or modification of sensitive files.

VirusTotal

65/65 vendors flagged this skill as clean.