Ntriq X402 Screenshot Data Batch

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed paid screenshot-extraction API wrapper, but users should be careful because screenshots are sent to a third-party service.

Before installing or using it, confirm you intend to pay $6 USDC and only submit screenshot URLs you are comfortable sharing with Ntriq. Treat the “100% local inference on Mac Mini” claim as provider-side processing unless the publisher clarifies otherwise; it does not mean the screenshots stay on your own machine.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill instructs users to send screenshot URLs to a remote third-party endpoint and advertises extraction of text, UI elements, and data, but it does not warn that screenshots may contain sensitive information such as credentials, personal data, internal dashboards, or proprietary content. This omission increases the risk that users will unknowingly transmit sensitive visual data off-platform, especially because the batch mode supports up to 500 screenshots and the marketing language emphasizes convenience rather than data sensitivity.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal