Back to skill

Security audit

Batch Image Processing

Security checks across malware telemetry and agentic risk

Overview

This image-processing skill is mostly coherent, but it gives unsafe SSH automation guidance for remote servers, including disabling host identity checks.

Review the remote-execution sections before installing. Use this only with hosts and keys you control, avoid root SSH where possible, and replace StrictHostKeyChecking=no with known_hosts provisioning, host-key pinning, SSH certificates, or another verified host identity workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill extends beyond local batch image processing into generalized SSH/SCP remote execution guidance, including background command execution on remote hosts. This broadens the operational scope significantly and can enable users or downstream agents to run arbitrary code on servers, increasing the blast radius if the skill is invoked in the wrong context or with attacker-controlled parameters.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The documentation explicitly recommends `StrictHostKeyChecking=no`, which disables SSH host identity verification and makes man-in-the-middle attacks materially easier. In an automation context this can cause credentials, commands, or file transfers to be sent to an attacker-controlled host while appearing to succeed normally.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill not only disables host key checking but presents it as a hard requirement for automation without warning about the security consequences. This normalizes an insecure SSH practice and increases the likelihood of silent interception of administrative sessions or file transfers in hostile or misconfigured networks.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.