Back to skill

Security audit

minds-eye

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it stores visual memories locally and sends images or screenshots to a configured vision API for analysis.

Install only if you want durable visual memory. Avoid using it with confidential images, private websites, admin pages, credentials, or regulated data unless local storage under ~/.multimodal-memory/ and transmission to your configured vision provider are acceptable; periodically review or delete that directory if you no longer want the memories retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly instructs use of shell commands, filesystem reads/writes under ~/.multimodal-memory, network access to GPT-4o and URLs, and likely environment access, yet it declares no permissions. That mismatch undermines least-privilege controls and can cause users or hosts to run a skill with broader capabilities than are transparently documented.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly advertises capturing websites, storing images/screenshots, and sending visual content to a vision API, but it does not warn users that sensitive information may be captured, retained locally, and transmitted to a third-party model provider. In a memory skill designed for cross-conversation recall, this omission increases the chance that credentials, personal data, internal dashboards, or other confidential content will be collected and retained without informed user consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill stores user images, screenshots, and derived metadata in a persistent local directory across conversations, but it does not require informing the user about retention, location, or deletion behavior. This creates privacy risk because sensitive screenshots or personal images may be kept longer than the user expects and later retrieved from disk.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill directs all image analysis through analyze.py, which sends image content to GPT-4o via API, but it does not require clear user disclosure or consent for external transmission. Images and screenshots often contain credentials, personal data, internal documents, or regulated content, so undisclosed third-party transfer materially increases confidentiality and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.