Kraken.io

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Kraken.io connector with disclosed image-processing behavior, but users should understand that optimization may send images to Kraken.io.

Install if you intend to use Kraken.io through Codex. Before optimizing images, confirm which files will be sent to Kraken.io and make sure you are comfortable sharing that content with the service; avoid invoking it for casual Kraken.io discussion unless you mean to run the connector.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The manifest claims the skill is for "searching and reading data," but the documented `optimize_image` action performs processing and likely uploads/transfers user content to an external service. This mismatch can mislead an orchestrator or user into treating the skill as read-only, reducing scrutiny and enabling unintended data handling or state-changing behavior.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger text says to use this skill for ANY Kraken.io request, which is broad enough to cause automatic invocation on casual mentions rather than clear user intent. Overbroad routing can send data or initiate operations through this connector when the user only wanted discussion, planning, or direct API guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal