Back to skill

Security audit

Ai Intelligent Face Recognition

Security checks across malware telemetry and agentic risk

Overview

This is a transparent face-recognition skill, but it handles sensitive biometric use cases and should only be used with proper legal, privacy, and consent controls.

Before installing, review the external repository and dependency list yourself. Use this only where face recognition is lawful and authorized, get appropriate consent, minimize stored images or face embeddings, define retention and deletion rules, and avoid access-control, monitoring, or VIP-identification deployment without audit controls and human oversight.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill advertises face detection, comparison, search, liveness detection, and attribute inference, all of which involve highly sensitive biometric and personal data, yet it provides no privacy warning, consent guidance, retention policy, or compliance notice. In the context of facial recognition, this omission increases the risk of unlawful collection, misuse, over-retention, and deployment in sensitive surveillance or identity-verification scenarios without informed user awareness.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.