
Security audit

AI Image & Video Toolkit — Free Upscale, Face Enhance, BG Remove & Generation

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do the advertised image and video processing work, with clear privacy and disk-space caveats for cloud generation and model downloads.

Install only if you are comfortable with uv installing Python dependencies, large local model caches, and Atlas Cloud receiving prompts or reference images when cloud generation is used. Keep the Atlas API key private, use local tools for sensitive media, review the WebSearch setting if installing into a Claude environment, and use face-swap or NSFW capabilities only where you have appropriate consent and rights.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Tainted flow: 'url' from requests.post (line 75, network input) → requests.get (network output)

Severity: Medium
Category: Data Flow
Content:
import requests

def download_file(url, output_path):
    # 'url' originates from an earlier requests.post response (line 75 of the script),
    # so a remote party controls where this GET is sent and what is written to disk.
    resp = requests.get(url, stream=True, timeout=60)
    resp.raise_for_status()
    with open(output_path, "wb") as f:
        for chunk in resp.iter_content(chunk_size=8192):
            f.write(chunk)
Confidence: 92%
Finding:
resp = requests.get(url, stream=True, timeout=60)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill advertises and documents capabilities that access environment variables, write files, invoke shell commands, and make network requests, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: an agent or user may invoke a skill with broader authority than expected, including access to ATLAS_CLOUD_API_KEY, cloud transmission, local model downloads, and file creation under ./output/.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The script silently downloads a model from Hugging Face at runtime even though the skill is described primarily as a local face-swap tool. Undeclared network access expands the trust boundary, can leak usage metadata/IP information, and introduces supply-chain risk because a remote artifact is fetched without integrity verification or explicit user consent.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The description uses very broad routing language such as 'Use when user asks to process, enhance, upscale, generate, or edit images/videos,' which could match many ordinary media requests and cause over-invocation. In context, that broad trigger is more dangerous because the skill can execute shell commands, write files, download large models, and send prompts/images to a cloud API, so accidental routing has privacy, cost, and system-impact consequences.

Missing User Warnings

Severity: Low
Confidence: 82%
Finding:
The documentation mentions cloud transmission for Atlas Cloud but under-discloses other important side effects: automatic local model downloads totaling about 1.5 GB and default writes to ./output/ and cache directories. This is a real safety/usability issue because users may unknowingly consume disk space, persist sensitive media locally, or trigger downloads in constrained environments.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The script contacts an external service to retrieve a model without clearly disclosing that it will make a network request. In a skill advertised as local image/video processing, this is more concerning because operators may reasonably assume offline execution; the hidden network dependency creates privacy, compliance, and supply-chain exposure.

VirusTotal

63/63 vendors flagged this skill as clean.
