Back to skill

Security audit

Safe Shrink

Security checks across malware telemetry and agentic risk

Overview

SafeShrink has a coherent document-optimization purpose, but it asks an agent to auto-download and cache a Windows executable while making overly broad offline and safety claims.

Install only if you are comfortable with an agent downloading and running the SafeShrink Windows EXE from GitHub. Verify the release source and integrity yourself, avoid blanket antivirus exclusions, and use copies of documents because compression, OCR, sanitization, and SSD conversion can change or remove content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The skill markets the tool as 'fully offline' and says data never leaves the computer, but elsewhere states the AI will automatically download the EXE from GitHub on first use. This is a material contradiction that can mislead users into trusting a workflow that performs unexpected network access and executes a downloaded binary, increasing supply-chain and privacy risk.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The antivirus notice asserts 'no internet' and 'no server connection' while the skill also documents automatic GitHub downloads and recommends external services such as VirusTotal. These contradictory trust-building claims can socially engineer users to bypass defenses or whitelist the tool under false assumptions about its behavior.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest uses very broad trigger terms and raw extensions like .xls, .json, .xml, .yaml, and .csv, which can cause the skill to activate in many unrelated contexts. In this skill, that broad activation is more dangerous because activation steers users toward an external EXE and discourages direct file handling until SafeShrink intervenes.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The passive trigger examples are broad and ambiguous, so ordinary requests about file size, readability, or folders may invoke the skill even when the user did not ask to run this tool. Because the skill promotes interception and an external binary workflow, ambiguous activation increases the chance of unnecessary diversion and unsafe execution paths.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The description emphasizes benefits but does not clearly warn that optimization, sanitization, OCR, and aggressive compression may alter document content, formatting, fidelity, or embedded data and create new output files. Users may assume lossless processing and share transformed documents without understanding that data may be removed, rewritten, or misrecognized.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill instructs the AI to automatically download and cache a Windows EXE from GitHub without a prominent warning about the risks of fetching and executing binaries. This creates a direct supply-chain and remote code execution risk, especially when paired with trust-building claims that the tool is safe and offline.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The manifest advertises very broad triggers including common file extensions such as .json, .xml, .yaml, .csv, and .xls. In an agent ecosystem, these activators can cause the skill to be invoked in many unrelated contexts, increasing the chance of unintended processing of sensitive documents or surprising users who did not explicitly request this skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.