Back to skill

Security audit

topaz

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Topaz media-enhancement helper using RunAPI, with the main user consideration being that chosen media is handled by an external service.

Before installing, confirm you are comfortable installing the RunAPI CLI and sending selected images, videos, and request metadata to RunAPI/Topaz for processing. Avoid using it on sensitive private media unless you have reviewed the service's privacy and retention terms and are comfortable with the authentication method used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill directs the agent to use an external SaaS/CLI workflow for image and video processing, but it does not disclose that user-provided media will be uploaded to RunAPI/Topaz for remote processing. This can lead to unintended disclosure of sensitive images, videos, or embedded metadata when agents use the skill on private content without informed user consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.