Back to skill

Security audit

Fridge

Security checks across malware telemetry and agentic risk

Overview

This is a local fridge logging tool that stores user-entered household notes on the machine, with no evidence of hidden network access or destructive behavior.

Install only if you are comfortable with household notes being saved locally in plaintext-like files under `~/.local/share/fridge`. Avoid entering sensitive personal details on shared or heavily backed-up machines, and do not rely on it for real timed expiry alerts without separately verifying that behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script persistently stores arbitrary user input under ~/.local/share/fridge and later exposes it through search, recent, status, and export functions without any upfront disclosure, retention limit, or consent mechanism. In the context of a household inventory tool, users may enter shopping habits, schedules, costs, or other personal details, so silent long-term logging creates a real privacy risk if the local account, backups, or exported files are accessed by others.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.