Back to skill

Security audit

Baoyu Compress Image

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward image compression skill, but it can rename or replace original image files unless users choose the keep-original option.

Install only if you are comfortable with a compressor that changes files by default. Use --keep for important originals, test on a copy before recursive directory runs, and be careful when converting to the same format because the original file can be replaced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The examples show behavior that replaces the original image, but the documentation does not clearly warn about the risk of data modification or loss. Users may reasonably assume compression creates a new file safely, and an agent may invoke the command without realizing it can overwrite or rename source content. This is more dangerous in a filesystem-manipulating skill because images may be processed in bulk and the operation appears routine and low-risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code renames the original file automatically when --keep is not set, with no confirmation, dry-run, or explicit warning. In an agent skill context, this is risky because a user asking to 'compress image' may not expect filesystem-modifying behavior that changes original filenames, which can disrupt workflows, break references, or cause accidental data handling issues at scale when processing directories.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/main.ts:55