Security audit

Topic Research

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can send excerpts from local files to Tavily and retain raw research data locally without tight scoping.

Install only if you are comfortable using Tavily for this workflow. Do not point source_file at secrets, credentials, personal data, or unrelated project files; review the raw JSON before sharing or committing it, and verify the Tavily installer before running the setup command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 78%
Finding:
The activation guidance is broad enough that an agent may invoke this skill for loosely related research tasks without clear user intent, increasing the chance of unnecessary external queries and local file creation. In an agent setting, ambiguous invocation criteria become a security issue because they widen the set of situations in which the skill's privileged actions (external queries and file writes) are carried out.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill explicitly writes normalized reports and raw JSON into repo-local paths but does not warn that running it will create or overwrite files. Silent or under-disclosed filesystem modification is dangerous in automated agent workflows because it can surprise users, pollute repositories, or overwrite sensitive work products.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The workflow sends a combined research query to the Tavily CLI, which may include user-provided topic text, source file content, or seed URLs, yet there is no privacy or data-handling warning. This is risky because agents may forward sensitive project context to a third-party service without informed consent or minimization.

Missing User Warnings

Medium
Confidence: 97%
Finding:
If `source_file` is supplied, the skill reads local file contents and includes up to 1200 characters in the query sent to the external `tvly` research CLI. Because `source_file` can resolve to any path under or outside the workspace when absolute paths are provided, this can exfiltrate sensitive local data to a third-party service without clear consent or redaction.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill persists raw research payloads, stderr, request metadata, source file paths, and executed command details into workspace files. This can create a local data exposure and retention problem, especially if the external tool returns sensitive content or error messages containing tokens, internal paths, or other confidential context.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.