Back to skill

Security audit

Outline Kb

Security checks across malware telemetry and agentic risk

Overview

This Outline helper is not malware, but it gives an agent broad workspace and admin-level Outline API power without tight scoping or consistent confirmation rules.

Install only if you want the agent to operate on your Outline workspace through an API key. Use the least-privileged key available, set OUTLINE_BASE_URL only to your trusted Outline instance, and require explicit approval before any write, delete, export, invite, share, role, OAuth, group, user, or permission change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
This reference exposes OAuth client management and user-administration capabilities such as rotating client secrets, changing user roles, suspending users, and deleting users. For a skill described primarily as a knowledge-base interaction tool, documenting and potentially enabling these higher-privilege organization controls materially expands the reachable attack surface and could facilitate privilege abuse or tenant-wide disruption if the skill is over-permissioned or misused.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
These endpoints include organization-level group management and OAuth authentication/client operations that go beyond ordinary document search and editing. Even if merely documented, their presence signals that the skill may be designed to invoke privileged actions inconsistent with user expectations, increasing the risk of unauthorized access changes, credential lifecycle abuse, or broader administrative impact.

External Transmission

Medium
Category
Data Exfiltration
Content
## 调用方式

读取环境变量后用 curl 调用:

```bash
OUTLINE_BASE_URL="${OUTLINE_BASE_URL:?未设置 OUTLINE_BASE_URL}"
Confidence
92% confidence
Finding
curl 调用: ```bash OUTLINE_BASE_URL="${OUTLINE_BASE_URL:?未设置 OUTLINE_BASE_URL}" OUTLINE_API_KEY="${OUTLINE_API_KEY:?未设置 OUTLINE_API_KEY}" curl -s "$OUTLINE_BASE_URL/documents.list" \ -X POST -H "aut

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.