Coda Packs

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Coda Pack management helper, but it can change or delete Packs when given a Coda API token.

Install only if you want an agent to manage private Coda Packs. Prefer CODA_API_TOKEN over --token, use the least-privileged token available, verify Pack IDs before update or delete, avoid --force unless you explicitly approved deletion, and treat --readme as inline README text unless the skill is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium (97% confidence)
Finding
The CLI advertises --readme as a file path, but the implementation passes the raw argument string directly into the API payload instead of reading the file contents. This can cause users to unintentionally publish local filesystem paths or malformed README data to the remote service, creating integrity and potential information disclosure issues.

Missing User Warnings

Medium (89% confidence)
Finding
Allowing API tokens to be supplied on the command line exposes them to process listings, shell history, audit logs, and CI job output on many systems. While common in simple CLIs, this is still a credential-handling weakness because secrets may be disclosed to other local users or logging systems.

VirusTotal

64/64 vendors flagged this skill as clean.
