Elite To Expertpack

Security checks across malware telemetry and agentic risk

Overview

This is a local memory converter, but it under-discloses sensitive profile export and overstates parts of the generated package.

Install only if you intend to export local agent memory and possibly user/profile information into a portable folder. Inspect the generated pack, especially relationships/primary-user.md, before committing, syncing, sharing, or publishing it, and do not rely on the built-in secret stripping as complete privacy protection.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 86% confidence
Finding: The skill instructs users to run a Python converter that reads from local memory stores and writes a full export to disk, but it declares no permissions or equivalent warning metadata. This can mislead users and any hosting platform about the skill's actual access level, reducing informed consent and oversight for operations that touch potentially sensitive local knowledge stores.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 91% confidence
Finding: The documented behavior materially overstates what is migrated and what protections/formats are provided, including claims about YAML frontmatter, warm-store migration, and cloud-layer handling that are not actually performed. In a memory-export skill, such discrepancies are dangerous because users may trust the output as complete, properly structured, and safely sanitized when important data may be skipped or exported differently than expected.

Context-Inappropriate Capability

Low

Confidence: 77% confidence
Finding: The converter silently reads and exports USER.md into the output pack even though the declared migration scope centers on memory-layer artifacts. In a memory-export skill, this broadens collection to potentially sensitive profile or relationship data and can leak personal information into a portable package users may share or publish, especially since the redaction logic only covers a narrow set of secret patterns and not general PII.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill lacks a prominent warning that it writes a comprehensive ExpertPack to disk from local memory sources, which may include sensitive personal, operational, or historical knowledge. That omission increases the chance of accidental bulk export, improper storage, or subsequent publication of migrated data without the user's full awareness.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal