Back to skill

Security audit

Deepfocus

Security checks across malware telemetry and agentic risk

Overview

Deepfocus is a disclosed local productivity logger, though its Pomodoro timer wording is broader than what the script actually implements.

Install only if you are comfortable with a local Bash script storing your productivity notes in plaintext under ~/.local/share/deepfocus. Do not save passwords, API keys, private credentials, or highly sensitive notes, and treat it as a local task/note tracker rather than an actual Pomodoro timer unless the publisher adds timer functionality.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest says the skill handles Pomodoro sessions and break timers, but the body describes a general-purpose task and note management system. In agent ecosystems, this kind of semantic deception weakens trust boundaries and policy enforcement because approval decisions may be based on the narrow manifest rather than the broader actual capability set.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The top-level description frames the skill as timer-focused, yet the embedded documentation contains no timer-specific commands and instead exposes a much broader productivity toolkit. This inconsistency increases operational risk because users may grant access expecting low-risk session timing while the skill actually manages and retrieves a larger corpus of user-generated data.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The implementation materially diverges from the advertised Pomodoro/break-timer functionality and instead provides a generic note-taking and local data collection tool. This mismatch is security-relevant because users and orchestrators may grant or invoke the skill under false assumptions, causing unintended collection and retention of productivity notes or other sensitive input.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script exposes broader task-management, tagging, archival, reporting, and export features than are justified by a Pomodoro timer skill. Excess capability increases attack surface and the chance that users supply more sensitive data than intended, especially when the skill description suggests a narrower use case.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script creates a persistent data directory and writes user inputs and activity history to disk without explicit notice, consent, retention policy, or access controls. In a productivity context, these entries may contain schedules, priorities, work notes, or other sensitive personal/business information that remains available to other local processes or users.

Ssd 3

Medium
Confidence
97% confidence
Finding
Arbitrary user-provided content is logged and later surfaced through search, recent activity, status, and export functions, enabling broad disclosure of previously entered data. In the stated productivity/focus context, users may input confidential plans, work details, or personal reminders, so the combination of persistent storage and multiple retrieval paths increases confidentiality risk.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.