Security audit

Ntriq X402 Alt Text

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a disclosed paid API integration for processing user-provided content, with no evidence of hidden persistence, local privilege use, or unrelated data handling.

Install only if you are comfortable sending the submitted content to the named external service and paying via x402. Avoid using it with confidential, regulated, or proprietary media unless you have separately verified the provider's retention, logging, and compliance practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs users to send image URLs or base64-encoded image content to an external paid service but does not clearly warn that images and potentially sensitive metadata leave the local environment. This creates a real privacy and data-handling risk because agents may forward private, regulated, or proprietary images to a third party without informed consent or policy checks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal