Vision

Security checks across malware telemetry and agentic risk

Overview

This is a local image-processing skill that fits its stated purpose, with a privacy caveat for optional image metadata output.

Install if you want local ImageMagick-based image processing. Be careful with output paths because generated files can overwrite paths you choose, and treat the info command's EXIF output as private when working with personal photos.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 80%
Finding
The skill metadata and user-facing description present the tool as doing only image transformations, but the static finding indicates it also reads EXIF/photo metadata and may invoke exiftool when available. Undisclosed metadata extraction expands the skill's data access beyond user expectations and can expose sensitive information such as GPS coordinates, device details, timestamps, and author information, especially in an agent context where outputs may be relayed elsewhere.

Missing User Warnings

Medium
Confidence: 87%
Finding
The info command deliberately extracts and prints EXIF metadata, which can include privacy-sensitive details such as camera model, timestamp, and potentially other identifying information. In an agent skill context, returning metadata without an explicit privacy warning or an opt-in mechanism can cause unintended disclosure when users inspect untrusted or personal images.

VirusTotal

65/65 vendors flagged this skill as clean.
