TrendProof

Security checks across malware telemetry and agentic risk

Overview

TrendProof appears to be a legitimate keyword-trend API helper, but it asks users to paste an API key into chat and stores that key locally in plaintext without strong safeguards.

Install only if you are comfortable using TrendProof with an API key and with sending every queried keyword to trendproof.dev. Set TRENDPROOF_API_KEY through your environment or a secret manager rather than pasting the key into chat or letting the skill save it in the plaintext config file. Avoid broad batch files unless you intend every listed keyword to be sent to the service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation directs the agent to use environment access, local file reads/writes, and outbound network calls, but it declares no permissions. That mismatch defeats user and operator expectations and weakens security review, because the skill can handle secrets, persist data, and exfiltrate inputs without any transparent capability declaration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The documented behavior understates what the skill actually does: it collects and stores API keys, reads arbitrary local keyword files, and appears to support larger batch operations than advertised. This kind of description-behavior mismatch undermines informed consent and can cause users or orchestrators to approve a skill for narrow data lookup when it also handles secrets and local data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The configure command stores the API key in plaintext under ~/.config/clawdbot/trendproof.json without warning the user or setting restrictive permissions. On multi-user systems or in environments with lax default umask, other local users or processes may be able to read the credential, leading to unauthorized API usage or account abuse.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill instructs the agent to ask the user to paste an API key directly into chat and then save it locally. Secrets sent through chat may be logged, retained in transcripts, exposed to other tools, or mishandled by downstream systems, making credential compromise much more likely.
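The Overview's recommendation (environment variable or secret manager over a plaintext file, no broad batch files) and the three findings above on plaintext storage, loose permissions, and keys pasted into chat translate into a few concrete checks. The following is an added example written for this page; it is not code from the TrendProof skill, from SkillSpector, or from clawdbot. It assumes the config file is JSON with an "api_key" field (the page names only the path ~/.config/clawdbot/trendproof.json), that a batch file holds one keyword per line, and a hypothetical cap of 50 keywords per batch; none of those details are stated on the page.

```python
"""Added example (not the TrendProof skill's own code): hardened API-key handling
and batch-file discipline for a keyword-trend helper.

Assumptions not on the page: the config file is JSON with an "api_key" field,
a batch file is one keyword per line, and MAX_BATCH is a hypothetical cap.
"""
import json
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

DEFAULT_CONFIG = Path.home() / ".config" / "clawdbot" / "trendproof.json"
MAX_BATCH = 50  # hypothetical cap; the page states no advertised batch limit


def permission_problems(path: Path) -> List[str]:
    """Reasons `path` is unsafe for holding a secret (empty list means acceptable)."""
    try:
        st = path.stat()
    except FileNotFoundError:
        return ["file is missing"]
    problems: List[str] = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {oct(mode)} is group/other-accessible; expected 0o600")
    if hasattr(os, "geteuid") and st.st_uid != os.geteuid():
        problems.append("file is owned by another user")
    return problems


def load_api_key(env: Optional[Dict[str, str]] = None,
                 config_path: Path = DEFAULT_CONFIG) -> Optional[str]:
    """Environment first; the plaintext file is used only if nobody else can read it."""
    env = os.environ if env is None else env
    key = env.get("TRENDPROOF_API_KEY")
    if key:
        return key
    problems = permission_problems(config_path)
    if problems:
        # A credential another local user may already have read is treated as unusable.
        raise PermissionError(f"{config_path}: {'; '.join(problems)}")
    with config_path.open(encoding="utf-8") as f:
        return json.load(f).get("api_key")


def save_api_key(key: str, config_path: Path = DEFAULT_CONFIG) -> None:
    """Persist the key as 0600 regardless of the process umask, via an atomic rename."""
    config_path.parent.mkdir(parents=True, exist_ok=True, mode=0o700)
    tmp = config_path.with_name(config_path.name + ".tmp")
    # The mode passed to os.open applies at creation, so a lax umask cannot widen it.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        json.dump({"api_key": key}, f)
    os.chmod(tmp, 0o600)  # covers a pre-existing tmp file that had a looser mode
    os.replace(tmp, config_path)


def load_batch(batch_file: Path, allowed_root: Path,
               max_keywords: int = MAX_BATCH) -> List[str]:
    """Keywords that will leave the machine: confined to `allowed_root` and capped in count."""
    real = batch_file.resolve()
    if not real.is_relative_to(allowed_root.resolve()):  # blocks ../ and symlink escapes
        raise ValueError(f"{batch_file} is outside {allowed_root}")
    with real.open(encoding="utf-8") as f:
        keywords = [line.strip() for line in f if line.strip()]
    keywords = list(dict.fromkeys(keywords))  # de-duplicate, keep order
    if len(keywords) > max_keywords:
        raise ValueError(f"{len(keywords)} keywords exceeds the {max_keywords} limit")
    return keywords


def selfcheck() -> Dict[str, object]:
    """Round-trip the helpers in a throwaway directory and report what each step saw."""
    out: Dict[str, object] = {}
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        cfg = base / "trendproof.json"
        save_api_key("tp_example_key", cfg)  # constructed sample key, not a real credential
        out["mode"] = stat.S_IMODE(cfg.stat().st_mode)
        out["env_wins"] = load_api_key({"TRENDPROOF_API_KEY": "from-env"}, cfg)
        out["file_key"] = load_api_key({}, cfg)
        cfg.chmod(0o644)  # simulate the lax-umask case from the finding
        try:
            load_api_key({}, cfg)
            out["loose_file_refused"] = False
        except PermissionError:
            out["loose_file_refused"] = True
        batch = base / "keywords.txt"
        batch.write_text("vpn\nvpn\n\nfirewall\n", encoding="utf-8")  # constructed sample
        out["batch"] = load_batch(batch, base)
        try:
            load_batch(Path("/etc/passwd"), base)
            out["escape_refused"] = False
        except ValueError:
            out["escape_refused"] = True
    return out


if __name__ == "__main__":
    print(selfcheck())
```

The refusal in load_api_key is deliberate: once a key file has been world-readable on a shared host, the sensible assumption is that it is already compromised, so the helper fails closed and the user rotates the key instead of silently continuing. The batch guard resolves symlinks before the containment check, so a keyword file pointing outside the allowed directory is rejected rather than read and sent to the service.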

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal