Imou Open Multimodal Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Imou API helper for image analysis and repository management, with sensitive but purpose-aligned use of credentials, images, and delete commands.

Install only if you intend to send selected camera/image data to Imou and trust the configured Imou developer credentials with these operations. Use dedicated least-privilege credentials where possible, choose the correct regional IMOU_BASE_URL, and list repositories or targets before running delete commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The documentation exposes destructive repository and target deletion APIs without any warning, confirmation requirement, or mention of authorization checks. In an agent skill context, this increases the chance that an LLM-driven tool can delete repositories or targets based on ambiguous prompts or prompt injection, causing irreversible data loss in stored face/workwear libraries.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The file documents face analysis and target-repository management APIs without privacy, consent, retention, or sensitive-data handling guidance. Because these APIs process facial imagery and maintain repositories of identifiable targets, missing safeguards can lead to unauthorized biometric processing, over-collection, or misuse of highly sensitive personal data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal