Chartmaker

Security checks across malware telemetry and agentic risk

Overview

This skill is labeled like a terminal charting tool, but the artifact actually stores, searches, and exports free-form user text in local log files.

Review before installing. Treat ChartMaker as a local text logging and export tool, not a chart renderer. Do not enter secrets, credentials, personal data, or proprietary business data unless you are comfortable with it being written under ~/.local/share/chartmaker and later searchable/exportable. The artifacts do not show network transmission or credential theft, so this is a Review classification for mismatch and retention risk rather than a malicious finding.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Tp4

High
Category
MCP Tool Poisoning
Confidence
99% confidence
Finding
The skill is presented as a terminal charting/visualization tool, but the documented behavior is a persistent local logging and export system for free-form user input. This mismatch is dangerous because users may provide sensitive data expecting ephemeral rendering, while the skill instead stores, searches, and exports that data, creating privacy and data-retention risk through deceptive or misleading disclosure.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest description says the skill visualizes terminal data, but the documented commands implement a local datastore with logging, query, and export features. Security-relevant description inconsistencies undermine informed consent and can lead operators to expose proprietary or sensitive data to disk without realizing it.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The top-level narrative emphasizes chart rendering, while the substantive documentation describes durable logging and data-management operations. In skill ecosystems, such misrepresentation is security-significant because users and agents may select the skill for harmless visualization tasks and unknowingly trigger local collection and later disclosure of entered content.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill claims to be a terminal charting utility, but its exposed interface is a broad data collection and logging toolkit. This mismatch is dangerous because users and orchestrators may grant it access or provide sensitive inputs under the assumption that it only renders charts, while the script instead persists and manages collected data.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The command handlers store arbitrary user input into persistent log files rather than performing chart generation. In an agent setting, this can capture prompts, secrets, or operational data and leave them on disk for later retrieval through search/export features, creating an unintended local exfiltration and retention surface.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill exposes expansive capabilities such as collection, search, export, pipeline, schema, and profiling that are not necessary for a charting tool. Excess capability increases attack surface and enables misuse of the skill as a local data accumulator and discovery tool beyond its stated function.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The documentation brands the tool as a visualization utility while the actual behavior is persistent logging and export. Misleading labeling is security-relevant because it can cause users, reviewers, and automation to underestimate privacy and data-handling risks and invoke the tool in inappropriate contexts.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation states that free-form inputs are stored locally, searchable across logs, and exportable, but it does not warn about the privacy and security implications of retaining potentially sensitive user content. This omission increases the chance that secrets, internal metrics, personal data, or proprietary business information are unintentionally persisted and redistributed.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
User-supplied input is written verbatim to local log files without warning, consent, or retention controls. In practice, users may pass secrets, internal data, or personal information to a charting skill, and this code silently preserves that data on disk where it can later be accessed or exported.

Ssd 3

Medium
Confidence
96% confidence
Finding
The tool is designed to retain user inputs and later search or export them through simple workflows, effectively turning a nominal charting skill into a local corpus collector. In the skill context this is more dangerous because users would reasonably expect transient visualization, not durable storage and rediscovery of prior inputs.

VirusTotal

VirusTotal findings are pending for this skill version.
