xmind

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent XMind helper, but users should know it runs a pinned npm MCP package and creates local files.

Before installing, be comfortable with the skill running a pinned npm MCP package through npx. Specify an output path if you do not want files saved to Desktop, and avoid using sensitive content unless you trust the local MCP package and chat attachment handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (88% confidence)
Finding
The trigger phrases are generic enough that normal conversational requests like 'make an XMind from this' or 'summarize this XMind' could invoke the skill without clear user intent to run the external MCP workflow. Because the skill can launch `npx` and create/read local files, over-broad activation increases the chance of unintended tool execution and unexpected handling of local content.

Missing User Warnings

Medium (93% confidence)
Finding
The skill silently defaults to writing output to `~/Desktop` when the user does not specify a path, which causes local file creation without explicit consent or warning. In an agent context, unexpected writes to a predictable user-visible location can leak sensitive content, create confusion, or enable abuse through repeated unwanted file drops.

VirusTotal

65/65 vendors flagged this skill as clean.
