Security audit

tencentcloud-faceid-analyzedenselandmarks

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it sends a user-provided face image or image URL to Tencent Cloud and returns the facial landmark coordinates.

Install only if you are comfortable sending face images or image URLs to Tencent Cloud for processing. Use images you have permission to process, avoid unnecessary sensitive face data, and use a least-privilege Tencent Cloud API key with usage monitoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 96%
Finding
This skill processes face images and returns dense facial landmark data, which is highly sensitive biometric information, yet the description does not warn users that the image and derived data are sent to Tencent Cloud. Without clear disclosure and consent messaging, users may unknowingly transmit biometric data to a third party, creating privacy, compliance, and trust risks.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script transmits face images or image URLs to Tencent Cloud for biometric analysis, but it does not provide an explicit user-facing warning or consent step about sending sensitive biometric data to a third-party remote service. In a skill that processes facial landmarks, this increases privacy and compliance risk because users may not realize their images leave the local environment and are subject to external retention, logging, or policy controls.

VirusTotal

66/66 vendors flagged this skill as clean.
