OpenTIL

Security checks across malware telemetry and agentic risk

Overview

This OpenTIL skill is a coherent TIL capture and management integration, but users should understand that it can publish content and store account tokens locally.

Install only if you are comfortable giving the agent an OpenTIL token that can read, write, publish, and delete entries. Protect ~/.til/credentials, review what you capture before syncing or publishing, and decline proactive captures in conversations involving secrets, customer data, proprietary systems, or incident details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (80% confidence)
Finding
The auto-detection rules authorize the agent to proactively suggest captures based on subjective conversation cues such as 'aha' moments. In a skill that can persist or publish conversation-derived content, vague trigger criteria increase the risk of unintended collection or disclosure of sensitive user material, even if only as a suggestion.

Missing User Warnings

Medium (93% confidence)
Finding
The setup instructs users to place a long-lived token with read, write, and delete scopes into an environment variable and shell workflow without warning about exposure risks. Tokens set this way may leak through shell history, process inspection, logs, screenshots, or inherited environments, enabling unauthorized access to the user's OpenTIL account.

VirusTotal

64/64 vendors flagged this skill as clean.
