Back to skill

Security audit

Deploy Tool

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local deployment-note logger, not a real PHP deployment tool, and it does not show network, credential, or destructive behavior.

Install only if you want a simple local logbook for deployment notes. Do not treat it as a PHP deployment automation tool, and do not enter passwords, tokens, private keys, or sensitive operational details because entries may remain searchable on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest and description claim a PHP deployment tool, but the body documents a Bash-based entry tracker that stores arbitrary user input locally. In an agent setting, this deceptive packaging increases the chance that deployment secrets, hostnames, commands, or operational notes are provided to the skill and retained without informed consent.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The documentation labels the skill as a deployment tool, but the listed commands only record, view, search, and export log entries. This can cause operators or autonomous agents to trust it with deployment-related inputs under false assumptions, creating unnecessary exposure of sensitive workflow data.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script presents itself as a PHP deployment tool, but the exposed functionality is a generic local logging and data-export utility. This kind of capability mismatch is dangerous in an agent-skill ecosystem because it can mislead users and reviewers into granting trust, installation, or execution to a tool that does not perform its claimed purpose and instead collects user input for storage.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The main command handlers only append arbitrary user-provided data to per-command log files and offer replay/export/search features, rather than performing deployment operations. In the context of a supposed deployment skill, this strongly suggests deceptive packaging that could be used to harvest sensitive operational input such as hostnames, credentials, tokens, or deployment parameters entered by users.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The inline branding reinforces the false impression that this is a legitimate deployment utility, while the code implements unrelated logging behavior. Misleading in-code documentation increases social-engineering risk by making the artifact appear trustworthy during casual inspection.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill documentation does not clearly warn at the point of use that user-supplied inputs are persisted to local log files. That omission increases the likelihood that users enter secrets or sensitive deployment context that remains stored, searchable, and exportable beyond the immediate session.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
These handlers persist raw user input directly to disk under the user’s home directory without meaningful disclosure, filtering, or secret handling. If operators provide deployment-related values, the logs may retain credentials, internal endpoints, or other sensitive operational data that can later be read by the same user, backup systems, or other local processes depending on file permissions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The search command replays previously stored entries matching a user-supplied term, which can surface sensitive historical inputs to the terminal without any warning about retention or disclosure. In a deployment context, this increases the chance of inadvertent exposure of secrets or internal configuration during screen sharing, shell history capture, or multi-user terminal sessions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.