keyphrase-counter

Security checks across malware telemetry and agentic risk

Overview

The skill is advertised as a local keyphrase counter, but its code includes undisclosed network features that can send local file contents to any endpoint.

Review before installing. Treat this as more than a local text-processing skill: avoid running it with --url, --endpoint, or --payload, especially on sensitive files or internal networks, unless the publisher removes or clearly documents and constrains those behaviors.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The script reads arbitrary file contents from the path given in --payload and sends them to a user-supplied remote endpoint with no validation, allowlist, confirmation, or disclosure. In an agent context, this creates a straightforward exfiltration primitive: sensitive local data can be transmitted off-host if untrusted inputs control the arguments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal