
Security audit

Google Jules Tools CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed helper for Google Jules CLI sessions, with expected install, login, network, and repository-change risks that users should handle carefully.

Install only if you intend to let your agent use Google Jules. Prefer a normal user-level npm install over sudo, authenticate with the intended Google account, run pulls on a clean branch or disposable clone when possible, and review `git status` and diffs before committing, merging, or deploying any pulled changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the agent to run `jules remote pull --session <session_id>` to retrieve remote code changes, but it does not explicitly warn that this operation can modify the local repository/worktree. In an agent context, pulling remote-generated code into the current checkout can overwrite files, introduce unreviewed changes, or disrupt the user's working state if performed without confirmation and isolation.

VirusTotal

66/66 vendors flagged this skill as clean.
