Favicondl · 任意网站 Favicon 下载工具

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward favicon downloader that contacts a favicon API and saves an icon file locally, with no evidence of hidden persistence, credential access, or unrelated behavior.

Before installing, review the script from the GitHub URL, understand that requested domains are sent to favicondl.com and may redirect to favicon hosts, and choose output paths carefully because the tool writes to and may remove the specified output file on failed downloads.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The README encourages users to submit arbitrary domains to a third-party service and save returned content to disk, but it does not prominently warn that user-supplied domains are disclosed to favicondl.com and that downloaded files are written locally. This can lead to unintended data exposure, privacy issues, and unsafe automation if users assume all processing is local.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal