Back to skill

Security audit

trustlog

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent audit-receipt helper, with an optional cloud upload path that users should treat carefully but that is disclosed and purpose-aligned.

Install only if you are comfortable running the referenced npm tools. Use the local receipt workflow by default, review .trustlog files for secrets or sensitive project details before sharing, and use the Vaultline upload only when you intentionally want that receipt sent to the external service with a scoped, revocable API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is described as producing and verifying local-first receipts, but it later adds instructions to upload those receipts to Vaultline. This creates a confidentiality and trust-boundary mismatch: users may believe artifacts remain local while the skill encourages external transmission of potentially sensitive operational summaries.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The Vaultline integration introduces a networked artifact upload path that is not necessary to create, summarize, or verify trust receipts locally. Because receipts may contain command history, file-change summaries, and redaction-sensitive content, adding a cloud upload example expands the attack surface and can lead to unintended disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The example sends receipt contents to an external service using an API key from the environment, but the surrounding text does not clearly disclose the network transmission or credential use. This weak disclosure is dangerous because users may run the snippet assuming it is a routine local archival step, unintentionally exposing sensitive receipt data and relying on privileged credentials without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.