Image Scanner Pro

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned for image analysis, but it needs review because it may scan local image folders and send images to Gemini without clear user-facing disclosure or consent controls.

Install only if you are comfortable with selected local images being analyzed by Gemini. Before using it on a folder, confirm exactly which files will be processed, avoid sensitive or regulated images, and prefer explicit per-folder or per-run approval.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases are broad enough to match common user intents like image recognition, photo analysis, and organization, which can cause the skill to activate unexpectedly. In a skill that scans directories and sends image contents to an external model, ambiguous activation increases the chance of unintended file processing and data exposure.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill documentation does not warn users that local image data will be sent to an external Gemini API for analysis, which creates a meaningful privacy and data-handling risk. Users may provide folders containing personal, confidential, or regulated images without informed consent, and the broad scanning capability makes the exposure more serious.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal