Perler Pattern

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent image-to-bead-pattern generator, but users should notice that URL inputs and dependency setup can use the network.

Install this if you are comfortable with a Python image-processing skill that may install dependencies and may fetch remote images when given a URL. For stricter privacy or reproducibility, preinstall pinned dependencies in a virtual environment and use local image files only.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The manifest advertises the skill as 'fully offline' and 'Zero API cost,' but the implementation accepts HTTP/HTTPS URLs and retrieves them over the network. This is a real security/privacy issue because users and orchestrators may rely on the offline claim when deciding whether sensitive images can be processed safely, leading to unintended outbound network access and data disclosure.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The inline comment claims background removal is 'fully offline,' yet the same code path supports downloading images from remote URLs using urllib.request.urlretrieve. Misleading in-code safety assertions are dangerous because they can cause reviewers or agents to underappreciate network and privacy risks, especially for user-supplied images.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill automatically installs Python packages with pip if imports fail, without explicit user approval or pinning to vetted versions. This creates a supply-chain and execution risk because running the skill can trigger unexpected code retrieval and installation from package indexes, potentially violating least privilege and controlled-environment assumptions.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill accepts remote image URLs and downloads them without a clear warning in the user-facing instructions. This is risky because it can expose user data, trigger unexpected outbound requests, and enable fetching attacker-controlled content from arbitrary hosts, which is especially relevant in environments that expect local-only processing.

VirusTotal

61/61 vendors flagged this skill as clean.
