Back to skill

Security audit

Coze Studio

Security checks across malware telemetry and agentic risk

Overview

This package appears to be a local placeholder utility, not the full Coze Studio platform it advertises.

Review carefully before installing if you expect real Coze Studio functionality. The visible code looks local-only and not malicious, but it is materially over-described; avoid entering secrets or private data in arguments, and check or clear the configured data directory if you use it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The skill exposes broad command triggers such as help, run, info, and status without defining what inputs are allowed, what actions each command performs, or what safeguards apply. In an agent ecosystem, ambiguous triggers can cause unintended invocation paths or make it easier for downstream tooling to pass attacker-controlled arguments into sensitive operations.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The script logs command arguments to a persistent history file under the user's data directory without clear notice or consent. If users pass sensitive values in arguments, those secrets may be retained on disk longer than expected and later exposed to other local processes, backups, or shared accounts.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The add command persists arbitrary user-provided content into a local database file without explicit warning that the data will be stored. This can cause accidental retention of private or regulated information when users assume the tool is transient, especially given the skill's misleading platform-oriented description.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.