Back to skill

Security audit

ai-sidekick

Security checks across malware telemetry and agentic risk

Overview

This skill looks like a legitimate agent-configuration toolkit, but it needs review because it creates persistent personal/project memory and credential-adjacent records without strong consent, minimization, or backup protections.

Install only if you want this skill to maintain long-term local memory about you and your projects. Before enabling it broadly, avoid storing secrets or credential locations in MEMORY.md or TOOLS.md, review what gets written to USER.md and daily logs, protect or disable memory backups, and narrow activation/usage to explicit memory or agent-configuration tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill includes shell commands and references to network-capable tooling, but it does not declare permissions or execution boundaries. This creates a mismatch between what the skill can induce the agent to do and what reviewers or runtime policy may expect, increasing the chance of unintended command or network use.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger text is extremely broad, covering many generic phrases like configuring AI, training AI, security settings, and memory management. That can cause the skill to activate in unrelated conversations and inject extensive behavioral, memory, and command-handling instructions into contexts where the user did not intend this skill to run.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide explicitly instructs storing user-disclosed important information in memory files, but provides no consent boundary, data-minimization rule, or sensitivity filter. In a skill dedicated to persistent AI memory and behavior management, this increases the chance that personal, confidential, or regulated data will be retained beyond the user’s expectation and later exposed through backups, prompts, or file access.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The backup procedure archives MEMORY.md and the full memory directory, which may contain user preferences, project details, and other sensitive context, yet the document gives no instructions for encryption, access control, or retention handling. In this skill context, memory files are central and likely to accumulate sensitive operational data, so unprotected backups materially increase disclosure risk.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The cleanup command permanently deletes markdown logs older than 90 days without a confirmation step, dry-run example, or warning that the action is irreversible. For a memory-management skill, accidental or premature deletion can destroy audit trails, project history, or user context needed for safe operation and recovery.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to persist user-disclosed information, project decisions, API key locations, certificate paths, and other operational details into USER.md, MEMORY.md, and dated logs. Even if stored locally, this creates a durable concentration of sensitive data that can later be exposed by other skills, prompts, backups, workspace compromise, or over-broad file reads.

Session Persistence

Medium
Category
Rogue Agent
Content
1. Edit `~/.qclaw/workspace-agent-*/SOUL.md` — use `templates/soul-template.md` as reference
2. Edit `~/.qclaw/workspace-agent-*/USER.md` — fill in your profile
3. Create today's log in `~/.qclaw/workspace-agent-*/memory/`

### Security Scan (Before Installing Any Third-Party Skill)
Confidence
71% confidence
Finding
Create today's log in `~/.qclaw/workspace-agent-*/memory/` ### Security Scan (Before Installing Any Third-Party Skill) ```bash cd ~/.qclaw/skills bash ai-sidekick/scripts/security_scan.sh ./target-s

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.