Wallhaven Downloader

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Wallhaven wallpaper downloader with disclosed network use, local file writes, and API-key handling limited to Wallhaven.

Install only if you want an agent to contact Wallhaven and save wallpaper files locally. Use a dedicated downloads folder, set a reasonable --count, and pass the Wallhaven API key only through --apikey or WALLHAVEN_API_KEY when needed for gated results.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 76% confidence
Finding: The skill description emphasizes downloading wallpapers but does not prominently warn that it will create files and a `manifest.json` in the chosen output directory. This can lead to unintended filesystem modification or confusion in environments where agents should minimize side effects.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal