Security audit

Algernon Synthesis

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed study-synthesis workflow that reads a narrow local study database and saves session summaries to Notion and a log, with privacy considerations but no hidden or destructive behavior.

Install only if you expect this skill to access the specified OpenAlgernon study database and save summaries to Notion and a daily conversation log. Before running it, confirm the database path, the notion-cli account, and the target Notion page, especially if your Notion workspace or logs are shared.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The skill is presented as a cross-material synthesis session, but its documented behavior also includes persisting session outputs to Notion and a conversation log. This creates a capability mismatch: users invoking an analysis/synthesis flow may not reasonably expect external transmission or durable storage of their responses, which can expose study content or personal data without clear informed consent.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: Automatically sending synthesis results to Notion is an extra side effect beyond the core purpose of facilitating a synthesis session. Because the content includes conceptual gaps and the user's production scenario, this may transmit sensitive study history or user-generated text to an external system without a clear need-to-know boundary or explicit consent.

Context-Inappropriate Capability

Low

Confidence: 88% confidence
Finding: Appending synthesis details to a conversation log creates durable memory not required to complete the immediate synthesis task. Even if the content seems low sensitivity, repeated logging can accumulate behavioral and learning-profile data over time, increasing privacy risk and broadening the impact of any later compromise or misuse.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs exfiltration of session content to Notion without any user-facing notice that data will be sent to an external service. In this context, the exported material includes user answers, identified gaps, and scenario details, so the lack of disclosure undermines informed consent and can leak personal or proprietary information to a third-party system.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.