Back to skill

Security audit

๐Ÿฆ Shrink โ€” Three-Tier Multimodal Context Optimizer

Security checks across malware telemetry and agentic risk

Overview

The skill does sensitive but disclosed work: it sends session images and nearby context to Anthropic, then rewrites local session files with backups.

Install only if you are comfortable sending screenshots and nearby conversation text to Anthropic. Run dry-run first, keep backups enabled, prefer setting ANTHROPIC_API_KEY explicitly, and use --redact for sensitive sessions, while remembering redaction affects the saved description and does not make the original image local-only.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill enumerates Anthropic credentials from both the ANTHROPIC_API_KEY environment variable and agent auth-profiles.json files, including optional per-agent targeting and failover. Even if done to improve reliability, this expands credential access beyond the minimum needed for simple image shrinking and creates unnecessary secret exposure risk if the script is misused, logged, or modified.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase "reduce context" is broad enough to match normal user conversation about context limits, summarization, or token budgeting, which could unintentionally invoke a destructive workflow. In this skill, invocation can lead to file modification, transmission of session content and images to a third-party API, and optional service restart, so accidental activation has meaningful privacy and availability consequences.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The phrase "shrink everything" is ambiguous and overly broad, making it likely to match casual user language without clear intent to process all sessions. Because the associated behavior expands scope to all sessions for an agent and may transmit more historical content and images off-host, accidental triggering increases confidentiality risk and the blast radius of unintended file changes.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script packages base64 image contents together with extracted surrounding conversation context and sends them to Anthropic's external API. Because this happens without a strong execution-time consent gate or explicit warning about exactly what data leaves the local system, sensitive screenshots, PII, secrets, and nearby conversation content may be disclosed to a third party.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The script silently reads credentials from environment variables and auth-profiles.json without prominently informing the user at the point of use. While credential loading itself is common, undisclosed access to stored secrets is risky in an agent skill because users may not expect local auth files to be scanned or reused automatically.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.