AI Photo Restorer & Colorizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Media.io photo-restoration integration, with expected privacy and credit-use considerations but no hidden or destructive behavior found.

Before installing, use a dedicated or revocable Media.io API key if possible, only process images you own or are authorized to edit, and avoid highly sensitive photos unless you are comfortable with Media.io processing them and returning public preview URLs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill sends user-supplied image URLs and related request data to Media.io, a third-party service, but does not clearly disclose that external data transfer in a user-facing warning. This can mislead users about where their content is processed and creates privacy and consent risk, especially for personal or sensitive photos.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal