Security audit

reviewer-rebuttal-coach

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow clipboard-based reviewer-feedback helper; the main risk is accidentally processing whatever sensitive text is currently on the clipboard.

Install only if you are comfortable with the agent reading and printing your current clipboard. Before use, copy only the reviewer comments or feedback you want processed, and avoid leaving passwords, API keys, confidential drafts, or unrelated private text on the clipboard.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger examples are broad enough that a user may invoke the skill without clearly consenting to clipboard access at that moment. Because clipboard contents often contain unrelated sensitive material, vague invocation scope can lead to unintended collection and processing of private data.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill is explicitly designed to read clipboard data but provides no warning that the clipboard may contain sensitive or unrelated information. This creates a privacy risk because users may trigger the skill assuming only review comments are processed, while secrets, personal data, or proprietary text could be exposed instead.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script unconditionally reads the system clipboard via a subprocess and emits its contents to stdout without any user-facing warning, confirmation, or sensitivity check. Because clipboard contents often contain passwords, API keys, private reviewer comments, or unrelated personal data, this creates a real confidentiality risk, especially in an agent skill that may be invoked automatically as part of a workflow.

VirusTotal

53/53 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code: suspicious.dangerous_exec
Location: scripts/read_clipboard.mjs:5