Is miladnoo/nvidia-kimi-vision safe?

https://github.com/openclaw/skills/tree/main/skills/miladnoo/nvidia-kimi-vision

98
SAFE

This skill provides legitimate image analysis functionality through NVIDIA's Kimi K2.5 vision model API. The code is straightforward with no malicious behavior detected, though users should be aware that images are transmitted to NVIDIA's servers for processing.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 98/100 · 25%
Code Execution 92/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

INFO Images transmitted to NVIDIA API -2

The skill sends user-provided images to NVIDIA's API servers (integrate.api.nvidia.com) for analysis. This is the intended functionality but users should be aware that image data leaves the local system and is processed by a third-party service.

LOW Basic file path validation -8

The script performs minimal validation on user-provided file paths, using os.path.exists() before file operations. While appropriate for the skill's purpose, more robust path validation could prevent edge cases.