Back to skill

Security audit

AI Remove Watermark

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed watermark-removal API wrapper that sends user-selected images or image URLs to a remote service and only saves results locally when requested.

Install only if you trust Airemovewatermark with the images or image URLs you choose to process. Keep API_KEY private, avoid untrusted API_BASE_URL or --base-url values, and use the skill only for images you own or are authorized to edit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script reads a local file and uploads its full contents to a third-party remote service, but the execution flow provides no explicit user-facing warning or confirmation at the point of exfiltration. In an agent setting, this can cause unintended disclosure of sensitive local images or embedded metadata if the agent selects a file path without the user fully understanding that the file leaves the local system.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The script sends user-supplied image URLs to a remote API without explicit disclosure in the execution path. While less sensitive than raw file upload, URLs may still reveal private storage locations, signed access tokens, internal hostnames, or other sensitive query parameters to the external service.

Missing User Warnings

Low
Confidence
82% confidence
Finding
When download is enabled, the script writes the processed image to a local artifacts directory without an explicit runtime disclosure in the action flow. This can create unintended persistence of potentially sensitive output on disk, which matters in shared environments or where artifact directories are later collected, synced, or exposed.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/remove_watermark.mjs:54