Anomalib Detector

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent industrial image anomaly-detection helper, with a verified batch-processing bug but no evidence of hidden, destructive, or data-exfiltrating behavior.

Install only if you are comfortable running large ML dependencies and downloading model/data assets. Use local processing for proprietary product images where possible, define your own retention/deletion process for uploaded images and heatmaps, and fix the batch error-handling bug before relying on batch API behavior in production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
This is a real implementation flaw: the exception path in detect_batch attempts to instantiate DetectionResult with an unsupported error argument, which will raise another exception and break batch processing entirely. In a production API, malformed input or a single unreadable image can therefore trigger a denial-of-service condition for the whole batch instead of returning per-item failures as documented.

VirusTotal

64/64 vendors flagged this skill as clean.
