Security audit

skill-inventory

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local skills catalog generator, with the main practical risk that it can overwrite a workspace skills.md file.

Install only if you want a local tool that scans your installed skills and regenerates a workspace skills.md catalog. Check or back up any existing skills.md file first if you maintain it manually.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to scan the skills directory, read each skill's SKILL.md, and generate or update a workspace file (skills.md), but the manifest does not declare corresponding read/write permissions. This creates a transparency and consent gap: an agent or reviewer cannot reliably understand that invoking the skill causes filesystem reads and a write, which can lead to unintended modification of workspace state.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger language around updating the inventory is broad enough that the skill may activate for generic requests about skills, even though running it writes or rewrites a workspace file. Ambiguous activation increases the chance of the agent performing state-changing actions when the user may have only wanted to inspect existing information.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The manifest description includes broad phrases like '更新技能目录' and 'skills inventory' without distinguishing between listing installed skills and regenerating the inventory file. That ambiguity can cause overbroad matching and lead to unintended execution of a file-writing workflow in response to loosely related requests.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation describes how to run the inventory generator and notes that it will generate <workspace>/skills.md, but it does not present this as an explicit user-facing warning before execution. Because the skill modifies workspace files, lack of prominent notice can mislead users into invoking it without understanding the side effect or the possibility of overwriting an existing inventory file.

VirusTotal

66/66 vendors flagged this skill as clean.