Back to skill

Security audit

Consent

Security checks across malware telemetry and agentic risk

Overview

This skill is packaged as cookie-consent tooling, but it mainly acts as a local plaintext logger for arbitrary and credential-like inputs.

Review this carefully before installing. Treat it as a plaintext local logging script, not as a secure consent-banner, password, token, or compliance system. Do not enter real credentials, API keys, tokens, passwords, regulated personal data, or sensitive consent records unless you are comfortable with them being stored and exported from ~/.local/share/consent in plain text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill’s declared purpose is cookie-consent/GDPR banner management, but the documented behavior is a generic local logging and credential/token handling toolkit. That mismatch is dangerous because users may trust it with privacy/compliance workflows while it actually stores arbitrary inputs, including secret-like values, in plain-text logs and exposes export/search/retrieve capabilities unrelated to the stated purpose.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest advertises a GDPR cookie-consent/compliance skill, while the body describes a broader security logging and credential/token management system. This kind of semantic deception increases the chance of unsafe deployment and inappropriate trust, especially in agent ecosystems where tools are selected by metadata and description.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Commands like rotate, check-strength, hash, verify, revoke, store, and retrieve imply credential and token lifecycle management, which is unrelated to a cookie-consent banner skill. In context, this broadens the attack surface and invites users to input sensitive material that will then be logged locally, creating confidentiality and misuse risks.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The title and usage guidance frame the skill as consent/compliance tooling, while the content simultaneously presents a generic security toolkit with unrelated credential-management capabilities. This inconsistency can mislead operators, cause unsafe assumptions about scope, and make harmful behaviors seem legitimate within a privacy workflow.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The skill metadata says it builds cookie consent banners and audits compliance, but the implementation is a generic local input logger with unrelated commands like generate, rotate, hash, verify, and revoke. That mismatch is dangerous because users may trust it with sensitive consent/compliance data under false pretenses, while the script instead stores arbitrary inputs and provides search/export access to them.

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
Exposing security/cryptographic-sounding operations in a cookie-consent skill is unjustified and increases the chance of misuse or misplaced trust. In context, these commands do not actually implement secure crypto workflows and instead act as wrappers for persistent logging, which can mislead users into submitting sensitive material.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
Labeling the script as a 'security tool' directly conflicts with the advertised cookie-consent purpose and can cause operators to over-trust it or use it for sensitive security tasks it does not perform safely. Misleading security branding is especially risky here because the script persistently records user input without meaningful safeguards.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The help text presents the program as a security toolkit rather than a consent-management utility, reinforcing a deceptive mismatch between presentation and behavior. This can lead users to provide sensitive inputs or rely on the tool in inappropriate contexts, increasing exposure of stored data.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documentation explicitly says all data is stored locally in plain-text and offers commands for storing, retrieving, hashing, rotating, and verifying values, but it does not warn users not to enter secrets or personal data. Given the privacy/compliance framing, users are especially likely to provide regulated or sensitive data, which would then be persisted insecurely.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The examples include secret-like values such as API keys, database passwords, and passphrases being generated, rotated, or checked, yet the skill stores inputs in plain-text local logs. This normalizes unsafe handling of credentials and creates a direct path to credential disclosure through log files, export artifacts, or local compromise.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
User-supplied input is written verbatim to persistent log files under the user's home directory, with no warning, consent notice, minimization, or redaction. In a consent/compliance context, those inputs could contain identifiers, policy text, tokens, or other sensitive material that can later be searched, viewed, or exported.

Ssd 3

High
Confidence
97% confidence
Finding
The script is fundamentally a persistent data collection utility: it stores arbitrary user input across multiple commands and exposes that data through search, recent, status, and export features. In the context of a purported cookie-consent skill, this is more dangerous because operators are likely to enter privacy-related or compliance-sensitive information, which the tool then accumulates and rediscloses locally.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.