Back to skill

Security audit

watermark-remover-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local helper for sending user-selected images through a separate watermark-removal GUI, with some file-handling and rights-use cautions but no evidence of hidden or malicious behavior.

Install only if you trust and already intend to use the separate watermark-removal GUI. Configure dedicated input/output folders, avoid --move unless you explicitly want originals moved, keep backups of important images, and use the tool only for images you own or have permission to modify.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README exposes a destructive mode that deletes the original input file after moving it into the watched directory, but the warning is easy to miss because it appears only as an inline comment in a command example. In an agent-driven workflow, users may copy commands or allow the agent to invoke documented options without fully appreciating that source files can be removed, causing unintended data loss.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger text activates on broad phrases like 'watermark removal' or any time uploaded images 'need watermarks removed,' which can cause the skill to run for generic image-editing requests without confirming the user's intent or the availability of the local GUI tool. Over-broad invocation increases the risk of unexpected file operations and routing users into a tool that may be inappropriate or policy-sensitive.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The statement that the skill should be used whenever users mention watermark removal, batch removal, or related software lacks clear boundaries and effectively mandates invocation across a wide class of requests. In context, that broad scope is more dangerous because the skill writes files into monitored directories and automates a potentially misuse-prone watermark-removal workflow.

Ssd 4

Medium
Confidence
84% confidence
Finding
The skill operationalizes watermark removal through a local paid GUI workflow and gives detailed steps to automate it, which can facilitate removal of attribution, ownership marks, or platform overlays at scale. Although the text is framed as normal product usage rather than explicit abuse, watermark-removal automation is contextually risky because it can be used to bypass provenance or rights-related signals.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.