Back to skill

Security audit

Byted Tos Image Process

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Bytedance TOS image-processing helper that needs cloud credentials and can save processed images, but its behavior fits its stated purpose.

Install only if you want an agent to access and transform images in your TOS buckets. Use short-lived, least-privilege STS credentials scoped to the needed buckets and object paths, review any `--process`, `--kv`, `--output`, `--saveas-bucket`, and `--saveas-object` values before running, and consider pinning the `tos` SDK version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The script advertises resize behavior but accepts arbitrary extra `--kv key=value` parameters that are appended directly into the TOS image processing string. That allows callers to invoke other TOS image operations or unexpected parameter combinations beyond the declared resize-only scope, which can expand capability and bypass policy assumptions made by users or orchestration layers.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.