长图转小红书图片切割工具

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local image-cropping tool, with a privacy caveat for images users choose to send to an AI.

Use this for local image cropping with a dedicated output folder. Avoid sending screenshots, documents, or design files that contain personal, confidential, or regulated information to an AI unless you are authorized and comfortable sharing that image content; redact sensitive regions first.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs users in a mobile workflow to send original images or screenshots to an AI for processing, but it provides no warning about privacy, confidentiality, or sensitive-data exposure. Because the tool is intended for screenshots, documents, and design drafts, users may upload personal information, internal business content, or regulated data without understanding the disclosure risk.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The guide explicitly describes a workflow where users send long images to an AI for processing, but it provides no warning that screenshots, design files, or documents may contain personal, confidential, or regulated data. This omission can lead users to upload sensitive content to an external AI service without informed consent or redaction, creating privacy and data-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal