Back to skill

Security audit

Photo Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local photo-processing skill, with the main caution that its dependency helper can install system and Python packages if approved.

Install only if you are comfortable with a local photo tool reading the photo folders you point it at and writing processed outputs. Review any dependency-install prompt before approving it, prefer a virtual environment for Python packages, and use dry-run or backup options before batch conversion or in-place deflicker changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill documentation instructs the agent to execute shell commands, read from user-supplied paths, and write output files, but no permissions are declared. This creates a trust and containment gap: an orchestrator or reviewer may assume the skill is low-privilege while it can actually access the filesystem and invoke package installers or other shell-based tooling.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
This script is presented as a dependency checker, but it also performs package installation and invokes privileged system package managers. In an agent skill context, that expands its authority from inspection to host modification, which is risky because running the skill can unexpectedly change the environment and trigger sudo-mediated installs on the user's machine.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
A photo-processing skill should not need to install host packages as part of its normal operation; embedding package installation increases the blast radius from file processing to full system modification. Even though the packages appear related, this creates supply-chain and privilege risks if the script is run in trusted automation or by users who do not expect host changes.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
if [[ "$(uname)" == "Darwin" ]]; then
            brew install "${MISSING_SYS[@]}"
        elif command -v dnf &>/dev/null; then
            sudo dnf install -y LibRaw-devel
        elif command -v yum &>/dev/null; then
            sudo yum install -y LibRaw-devel
        else
Confidence
97% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
elif command -v dnf &>/dev/null; then
            sudo dnf install -y LibRaw-devel
        elif command -v yum &>/dev/null; then
            sudo yum install -y LibRaw-devel
        else
            sudo apt-get install -y "${MISSING_SYS[@]/%/-dev}"
        fi
Confidence
98% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
elif command -v yum &>/dev/null; then
            sudo yum install -y LibRaw-devel
        else
            sudo apt-get install -y "${MISSING_SYS[@]/%/-dev}"
        fi
    fi
Confidence
98% confidence
Finding
sudo

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.