Image Deduplicator

Security checks across malware telemetry and agentic risk

Overview

This is a local image-cleanup skill whose file deletion and moving features are disclosed and fit its purpose, but users should review results before using destructive options.

Install only if you want a local duplicate-image scanner. Run it in list mode first, inspect which files would be kept or removed, back up important folders, and prefer move mode over delete when you are unsure. Consider pinning trusted versions of Pillow and imagehash before installing dependencies.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly documents a delete action that removes files but provides no warning, confirmation guidance, backup recommendation, or safety constraints. In an agent setting, this increases the chance of irreversible data loss if a user or downstream automation invokes the command on the wrong directory or with an overly broad match threshold.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal