Back to skill

Security audit

HokiPoki

Security checks across malware telemetry and agentic risk

Overview

HokiPoki is a disclosed AI-routing skill, but it deserves Review because it can send large project contents off-device, auto-apply returned patches, and run a provider listener using local AI accounts.

Install only if you trust the HokiPoki CLI and are comfortable sending chosen project content to remote models or teammates. Prefer specific files over --dir or --all, review for secrets first, use --no-auto-apply unless you want returned patches applied, and run provider/listener mode only for trusted workspaces and accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The command reference documents capabilities that go beyond simple model switching: sending arbitrary task descriptions, including specific files/directories or the entire repo, routing to team workspaces, and optionally auto-applying patches. In a skill framed as merely 'switch AI models,' this is security-relevant because it enables code transfer and delegated execution against external providers, increasing the risk of unintended data exposure or unauthorized code modification if invoked too broadly.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes broad natural-language phrases like 'ask another AI', 'get a second opinion', and 'switch models', which can match ordinary conversation rather than an explicit request to invoke this skill. That increases the chance of unintended activation and, in this skill's context, could lead to accidental routing of prompts or code to external AI providers.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to send files, directories, or the whole project to remote AI models and even route them through a P2P network, but it does not require an explicit privacy/security warning or user confirmation about data disclosure. In practice, this can expose proprietary code, secrets, personal data, or internal documentation to third parties or teammates unintentionally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.