Back to skill

Security audit

Image AI Kit

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local image-processing and OCR skill that reads user-selected images and writes user-selected output files.

Before installing, review the Python dependencies and use a virtual environment. Only give it images you intend to process, and choose output paths carefully because the scripts can overwrite files at paths you provide.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill documentation demonstrates code that writes output files (for example, generating 'output.jpg') and performs image processing without any declared permissions. Even if file output is expected for this skill’s purpose, the absence of an explicit permission declaration creates a mismatch between documented capabilities and the security model, which can enable unintended file writes or make review and sandboxing less reliable.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.