Back to skill

Security audit

Dotfiles

Security checks across malware telemetry and agentic risk

Overview

This package is advertised as a dotfile backup/sync tool, but the artifacts show it is really a local sysops logging and export tool.

Treat this as a local operational notes logger, not as a real dotfile backup or restore tool. Do not rely on it to protect configuration files, and avoid entering secrets, tokens, host details, incident data, or sensitive config contents unless you are comfortable with that text being stored locally and exportable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill metadata presents a narrow dotfiles backup/sync purpose, but the documented behavior is a broad persistent logging and reporting toolkit that stores arbitrary user-provided system and operational data. This mismatch can mislead users and downstream agents into supplying sensitive configuration, incident, or infrastructure details under a less risky label, increasing the chance of unintended data collection and exposure.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented commands describe a general sysops logging/monitoring system rather than a dotfile management tool, which is a strong semantic integrity issue. In an agent context, this can cause the skill to be invoked in situations where users expect configuration sync but instead persist operational observations, alerts, fixes, and other potentially sensitive records to local storage.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
Using the name 'Dotfiles' while documenting unrelated auditing and monitoring behavior creates deceptive affordances that can lead users or autonomous systems to over-trust the skill. Although this issue is primarily semantic, it materially increases the risk of sensitive data being entered into a tool whose persistence and broader scope are not obvious from its identity.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill metadata advertises dotfile backup, sync, and version tracking, but the implementation is a generic local logging utility with unrelated commands. This mismatch is dangerous because users may trust it with sensitive configuration-management tasks while it instead stores arbitrary input locally, creating misleading expectations and possible unintended disclosure of secrets entered as 'dotfiles' content.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The script headers describe it as a 'sysops tool/toolkit' while the skill manifest claims it is for dotfiles backup and synchronization. Contradictory identity and purpose increase the chance of operator misuse and conceal the true behavior of persistent local logging.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
Commands named 'backup' and 'restore' imply file operations, but they only append user-supplied text to log files. In the context of a dotfiles skill, this can mislead users into believing backups or restores occurred when no protection or recovery exists, potentially causing data loss and exposing sensitive configuration values entered at the prompt.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly stores arbitrary input in local logs and supports export/search, but it provides no warning that users may inadvertently persist secrets, hostnames, incident details, or configuration contents. In the context of system administration and dotfiles, inputs frequently contain sensitive operational data, so silent persistence meaningfully raises confidentiality risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The command handlers persist arbitrary user input into files under ~/.local/share/dotfiles without notice or consent prompts. Users may enter hostnames, tokens, paths, or configuration snippets expecting transient processing, but the tool silently retains them for later viewing and export.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The export feature aggregates previously stored log data into additional artifacts such as JSON, CSV, and TXT files without warning. This broadens data exposure by duplicating accumulated content into easier-to-share files, increasing the chance of accidental leakage of sensitive entries.

Ssd 3

Medium
Confidence
96% confidence
Finding
The script is effectively a persistent data collection and retrieval utility: many commands write arbitrary input to disk, and other commands search, display, and export that content. In a skill presented as a dotfiles backup tool, this behavior is more dangerous because users may provide sensitive system configuration data under false assumptions about purpose and handling.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.