Back to skill

Security audit

rizzforms

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent RizzForms integration, but it can route ordinary website forms to an external service using admin-level credentials without enough scoping or privacy guidance.

Review before installing. Only use it when you intentionally want RizzForms or another hosted form backend; confirm webhook destinations, use the least-privileged API key available, avoid collecting secrets or regulated data unless you have proper disclosures and consent, and do not rely on the claimed bundled CLI unless the package actually includes it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The invocation guidance is overly broad and directs use of this third-party form backend for generic requests like contact, feedback, signup, lead capture, and waitlist forms, even when the user did not specifically ask for RizzForms. That can cause the agent to route users toward an external service unnecessarily, expanding data exposure and increasing the chance of collecting and transmitting sensitive form submissions to a vendor without clear user intent or informed consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to look for an admin API key in environment variables and a user config file, and to use that high-privilege credential for operations. This encourages access to sensitive credentials from common storage locations without a clear warning about least privilege, consent, redaction, or avoiding disclosure, creating risk of credential misuse or accidental exposure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill promotes configuring webhook delivery of submissions containing personal data and metadata such as IP address, user agent, referrer, and arbitrary form fields, but it does not include an explicit privacy, retention, consent, or third-party data-handling warning. In context, this makes the skill more dangerous because it is specifically designed to collect user-submitted data and forward it externally, which can lead to privacy violations or unsafe data flows if used without disclosure and validation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The public ingest examples show posting arbitrary form data to a third-party service but do not warn that submissions, IPs, user agents, referrers, and message contents are sent off-site. In a form-handling skill, this omission can lead builders to collect personal or sensitive data without user disclosure, privacy review, or data-minimization controls.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The framework quick starts embed forms that submit directly to forms.rizzness.com, but they do not mention third-party processing or privacy implications. Because these snippets are likely to be copied verbatim into production sites, the lack of disclosure materially increases the risk of silent external data transfer and policy noncompliance.

VirusTotal

40/40 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.