Back to skill

Security audit

Equity

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised for startup equity modeling, but its script mainly stores arbitrary command inputs in local plaintext logs instead of performing equity calculations.

Review carefully before installing. Do not use it for real cap table or financing work unless the publisher provides actual equity-modeling logic. Avoid entering confidential founder, employee, investor, valuation, grant, or fundraising details unless you are comfortable with local plaintext logs under ~/.local/share/equity and can manage or delete that data yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The skill is presented as an equity modeling tool, but the documented behavior includes generic local logging, history tracking, search, and export capabilities that are broader than the stated purpose. This creates unnecessary collection and retention of potentially sensitive user inputs such as cap table data, compensation details, and fundraising information, increasing privacy and data exposure risk if logs are later accessed, searched, or exported.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The advertised purpose is startup equity modeling, but the implemented functionality is a generic persistent logger with no cap table, dilution, or vesting features. This mismatch is dangerous because users may provide sensitive company, compensation, or fundraising data under false assumptions about purpose and handling, enabling unauthorized collection and later review/export of that data.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script includes broad search, recent-history, status, and export capabilities over accumulated local logs without demonstrating a legitimate need tied to equity planning. These features increase the exposure surface for sensitive user inputs by making discovery and bulk extraction easier if the host is shared, compromised, or the user misunderstands what is being stored.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
Branding and help text present the tool as an equity utility, but the behavior is inconsistent with that claim and instead operates as a generic collector of arbitrary input. Misrepresentation is security-relevant here because it can socially engineer users into entering confidential startup data they would not submit to a plain logging utility.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
User-provided input is written verbatim to persistent log files under the user's home directory, but the interface does not clearly warn that entered data will be retained. In the context of an equity-planning skill, inputs may include highly sensitive cap table, compensation, or fundraising information, so silent persistence creates a meaningful confidentiality and privacy risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.