Security audit

Ntriq X402 Screenshot Data

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward paid screenshot-analysis API wrapper, with privacy and payment cautions but no evidence of hidden or malicious behavior.

Install only if you are comfortable sending selected screenshots to ntriq's remote service and paying per call. Avoid screenshots containing passwords, personal data, customer records, financial records, internal dashboards, or regulated information unless you have authorization and understand the provider's privacy, retention, and deletion practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly sends user-provided screenshots or image URLs to an external service, but it does not warn users that screenshots may contain sensitive information such as credentials, personal data, financial details, or internal dashboards. This creates a real privacy and data-handling risk because agents or users may submit highly sensitive screen content without informed consent or minimization.

VirusTotal

59/59 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.