Back to skill

Security audit

Rank Tracker

Security checks across malware telemetry and agentic risk

Overview

The skill appears non-malicious, but it under-discloses local code execution compared with its declared web-only tool surface.

Review before installing. Only use this skill if you are comfortable with it running a local Python script and maintaining local ledger files, and prefer a version whose manifest explicitly declares the required execution and filesystem capabilities.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill declares an allowed tool surface of only WebFetch, yet instructs the agent to run a local Python ledger script under ${CLAUDE_PLUGIN_ROOT}. That creates a capability mismatch: a host or reviewer may assume the skill is network-fetch only, while the content attempts local code execution and file access through an undeclared path, which can expand privileges and bypass expected guardrails.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.