Image Optimizer Tool

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real image optimization tool, but its backup and undo handling can write or restore local files outside the expected scope.

Review before installing if you plan to run it on important folders. Prefer --preview or --output-dir, run it from a trusted working directory, avoid --undo in directories containing untrusted .image_optimizer_log.json files, and install Pillow in an isolated Python environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill clearly describes filesystem operations such as reading images, modifying them, creating backups, writing output files, and performing undo actions, yet no permissions are declared in the skill metadata. This creates a transparency and policy-enforcement gap: users and hosting platforms may not realize the skill can read and overwrite files recursively, increasing the risk of unintended file access or destructive modification.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal