Back to skill

Security audit

Awaek

Security checks across malware telemetry and agentic risk

Overview

Awaek is a disclosed local tool for syncing and searching a user's saved X bookmarks, with no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable letting the agent search and locally store your saved X bookmarks. Prefer explicit prompts like "Awaek sync" or "Awaek find...", verify xurl before installing/authenticating it, and never paste X secrets or ~/.xurl contents into chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill invokes local Python scripts and the `xurl` CLI, which implies file access and network/API access, yet it declares no explicit permissions. That creates a transparency and policy-enforcement gap: a host may allow installation or execution without clearly surfacing that the skill can read local data stores and contact external services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The description frames the skill mainly as a source engine for answering from saved bookmarks, but the documented behavior includes syncing, indexing, classification, link extraction, and persistent storage. This mismatch can mislead users and reviewers about the actual data processing performed, reducing informed consent and increasing privacy risk around local bookmark content.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger phrases include broad natural language such as 'my saves', 'my bookmarks', and 'saved X bookmarks', which could cause accidental invocation during ordinary conversation. Unintended activation matters here because the skill can query local evidence stores and potentially initiate setup/sync guidance tied to external account data.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill registers on very broad phrases such as 'my saves', 'my bookmarks', and 'saved posts', which are common everyday terms and can cause accidental invocation outside the user's intent. Unintended activation is risky here because the skill can inspect local bookmark data and run local scripts, increasing the chance of unnecessary access to personal data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.