cli-anything-gimp

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a GIMP image-editing helper whose file-changing behavior is expected for that purpose, but users should control which files it edits or exports.

Install if you want the agent to help with GIMP image work. Give explicit input and output paths, prefer new filenames for exports, and require confirmation before overwriting or modifying original files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description says to use this skill whenever the user needs GIMP image processing, which is a broad activation condition that can cause over-invocation of a highly capable file-modifying tool. In an agent setting, vague routing increases the chance the agent will use the skill on user files without sufficient confirmation, scope checks, or safer alternatives.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The documentation demonstrates creating projects, opening media, editing images, and exporting outputs, but does not warn that these actions can create, overwrite, or transform user files. In a tool-using agent, omission of file safety guidance can lead to destructive or privacy-impacting actions being taken automatically against local files.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal