Image Upscaling

Security checks across malware telemetry and agentic risk

Overview

This is a coherent image-upscaling skill that uses an external cloud CLI, with some privacy and install-command cautions but no evidence of hidden or destructive behavior.

Install only if you trust inference.sh and are comfortable running its CLI installer. Review commands before approving them, and avoid sending sensitive image URLs, private photos, or proprietary prompts unless you understand the provider's data handling.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list includes several generic phrases like 'enhance image', 'image enhancement', and 'higher resolution' that can match ordinary user requests beyond the intended narrow skill scope. Over-broad triggers increase the chance of unintended invocation, which can route user data or actions into this skill without clear intent and can amplify the impact of other risky behaviors in the skill.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The examples instruct users to submit image URLs and prompts to inference.sh-hosted services, but the documentation does not clearly disclose that user content is sent to a remote third-party service for processing. This creates a privacy and consent risk, especially if users assume processing is local or do not realize prompts and image references may be transmitted externally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal