Back to skill

Security audit

Aident Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for Aident integration workflows, but it grants broad live-app action capability and relies on mutable remote setup and local token storage patterns that users should review before installing.

Install only if you intend to let Aident broker access to connected work apps and remote tools. Review the remote setup instructions before letting an agent follow them, connect only the accounts and scopes you actually need, confirm any send/post/update/delete action before execution, and protect or remove ~/.aident/credentials.json when you are done.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to fetch remote content, run shell commands such as `npx skills add aident-ai/aident-skill`, and potentially create or update local state, but it does not declare any explicit permissions or capability boundaries. That mismatch can cause hosts or reviewers to underestimate the skill's operational reach, increasing the risk of unintended command execution, remote trust of fetched instructions, or file changes during setup/update flows.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The README explicitly promotes using an agent to execute real actions across 1,000+ connected tools and apps, but it does not clearly warn that these operations can affect live external systems, user data, communications, and business records. In an agent context, omission of such safety guidance increases the chance of unintended or overbroad actions, especially because the skill is designed to bridge from chat into operational capabilities.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The routing and setup language is broad enough that generic requests about setup, install, migrate, or update could trigger this skill and lead the agent into network fetches and shell-based installation flows. In a skill that can invoke external setup instructions and CLI commands, over-broad activation increases the chance of the skill being applied in contexts the user did not specifically intend, which can cause unnecessary remote access or system modification.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup guide instructs users to connect an MCP client to a remote third-party server and authenticate, but it does not clearly warn that subsequent prompts, tool calls, and potentially sensitive workspace context may be transmitted to that remote service. In an agent-skill context, this omission is security-relevant because users may enable the integration without understanding the data exposure and trust boundary they are creating.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persists a bearer access token to ~/.aident/credentials.json without setting restrictive file permissions or warning the user that a reusable secret is being stored locally. If another local user, process, backup system, or accidental commit exposes that file, the token could be reused to access the associated API as the authenticated user.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/test-rest-api.sh:223