Security audit

Self Improving To Expertpack

Security checks across malware telemetry and agentic risk

Overview

This is a local migration tool, but it can package private workspace instructions into an export while overstating its safety and output guarantees.

Install only if you intend to export local agent-learning content. Before publishing, committing, or sharing the generated ExpertPack, manually inspect it for secrets, private project instructions, customer data, and stale or unsafe agent rules; do not rely on the advertised automatic secret stripping as complete.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill documentation indicates capabilities to read from the workspace, write exported files, and reference an external website, but it declares no explicit permissions. Missing permission declarations weaken operator awareness and policy enforcement, increasing the chance that a user invokes a skill that can access or export more data than expected.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 93% confidence
Finding: The skill description overstates and misstates behavior: it claims YAML frontmatter on all content files, multi-layer retrieval, and EK measurement support, while the documented behavior also includes scanning additional workspace files and secret redaction that are not prominently disclosed. This mismatch is dangerous because users may grant the skill trust or broad workspace access based on incomplete understanding, leading to unintended data collection, incomplete exports, or unsafe reliance on missing safeguards.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The converter reads promoted workspace files such as CLAUDE.md, AGENTS.md, SOUL.md, TOOLS.md, and .github/copilot-instructions.md, then exports their contents into the generated pack if they contain matching keywords. In a migration/export tool, this creates a real confidentiality risk because users may unintentionally package and share internal instructions, operational context, or sensitive business content; the built-in regex redaction is heuristic and cannot be relied on to catch all secrets or sensitive data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal