Back to skill

Security audit

Agnes Vision

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims by sending selected images to Agnes for vision analysis, but it ships with an apparent real API key and uploads image contents to a third-party service.

Review this before installing. Use it only for images you are comfortable sending to Agnes's remote API, avoid sensitive screenshots/documents unless you accept that exposure, and do not rely on the bundled config.json key; replace or remove it and use your own environment-managed API key if you proceed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes a Python script that can read local image files, access API keys from command-line arguments, environment variables, or config.json, and send image contents over the network to a third-party endpoint. Although the behavior is documented and appears intended for the skill’s purpose, the capability gap is real: the skill effectively has env, file-read, and network access that are not explicitly declared as permissions, which can lead to unreviewed data exfiltration of sensitive local images or credentials.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script base64-encodes local images and sends them, along with the user prompt, to a third-party remote API endpoint. That creates a real privacy and data-handling risk because users may unknowingly transmit sensitive images, OCR content, or embedded metadata off-device without any explicit notice or consent step.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.