Back to skill

Security audit

PikaBoard

Security checks across malware telemetry and agentic risk

Overview

PikaBoard is a disclosed local task-board integration, but users should handle its API token carefully and review task changes before automation.

Install only if you trust the PikaBoard GitHub repository and its npm dependencies. Use a dedicated PikaBoard token, avoid storing the real token in shared files such as TOOLS.md, configure MY_BOARD_ID before agent use, and require confirmation for task or board changes that matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares install and runtime shell/script capabilities (`npm install`, `npm run build`, startup commands, helper scripts) but does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: an agent or user may invoke code-executing behavior without explicit acknowledgement that the skill runs local commands and installs third-party dependencies.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly instructs an agent or user to read a bearer token from a local backend .env file and use it for API calls, but provides no warning about secure handling, least-privilege use, or avoiding disclosure in logs and prompts. In an agent-skill context, this is risky because automated systems may echo secrets into transcripts, shell history, telemetry, or downstream tools, leading to credential exposure and unauthorized API access.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger terms include very generic words like `tasks`, `board`, `todo`, `backlog`, and `sprint`, which are likely to match ordinary conversation and cause the skill to activate unexpectedly. In this skill, accidental activation is more dangerous because the skill supports authenticated API calls that can read and modify task data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation prominently includes authenticated create and update examples for tasks, but does not warn that these operations modify persistent project data. Combined with broad triggers and agent-oriented setup, this increases the chance an agent performs unintended writes to the task system without clear user consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.