Back to skill

Security audit

Gitbuddy

Security checks across malware telemetry and agentic risk

Overview

GitBuddy is a local offline development logbook, with a noteworthy mismatch between its Git-focused summary and its actual logging/search/export behavior.

Install this only if you want a local development activity log. Do not record secrets, tokens, private customer data, or sensitive code snippets, because entries are stored under ~/.local/share/gitbuddy and can later be searched or exported. Treat the marketplace summary as inaccurate: this is not a reviewed Git branch cleanup or repo statistics tool.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill metadata and title present Git-focused utilities, but the documented behavior is a generalized local activity logger that persists arbitrary user input, maintains history, supports search, and exports accumulated data. This mismatch is security-relevant because users and orchestrators may invoke the skill under false assumptions, causing sensitive content to be retained and surfaced in ways not implied by the declared purpose.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest advertises Git helper functionality, while the body describes an offline audit/logging system for arbitrary developer activity. Such deceptive or misleading interface documentation can cause an agent or user to pass free-form content, code review notes, validation results, or other sensitive text into a persistent store unexpectedly.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The command set is dominated by generic logging, search, export, and history features rather than changelog, branch cleanup, or repo-statistics utilities. This broadens the skill far beyond its stated purpose and creates unintended data collection and retrieval channels that could expose sensitive project or user information through normal-looking commands.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Broad local logging and retention of arbitrary entries are not justified by the declared Git utility use case, increasing the chance that secrets, internal notes, or sensitive repo details are stored without informed consent. Even without network access, unnecessary collection and persistence enlarge the local exposure surface and can later be revealed via export, search, or history commands.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The implementation materially diverges from the advertised Git-focused functionality and instead provides a generic activity logger with unrelated commands. This mismatch is dangerous because users may trust the skill with repository content or sensitive prompts under false assumptions, while the tool silently stores and manages that data outside the stated purpose.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script creates a persistent data directory and logs user activity/history even though the declared purpose is Git utilities like changelogs and branch cleanup. Storing arbitrary inputs on disk expands the attack surface for local data exposure, especially if users pass commit messages, repo metadata, tokens, or other sensitive text to the tool.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The export, search, recent, and status commands operate on the tool's own private log corpus rather than Git repository data, reinforcing that the skill is a data-retention utility masquerading as a Git helper. This increases risk because it gives convenient built-in mechanisms to enumerate and copy previously captured user inputs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Although the documentation mentions timestamped persistence and activity logging, it does not provide a strong, unavoidable warning that command inputs are automatically logged and retained locally. Users may reasonably treat these commands like transient CLI utilities and unintentionally submit sensitive text that becomes part of a searchable historical record.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
User-provided command content is written verbatim to per-command log files without clear notice, consent, or sanitization. This is dangerous because users may enter secrets, internal code fragments, or sensitive repository information expecting transient processing, but the tool persistently stores that data for later retrieval.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The export feature creates an additional file containing all accumulated logged activity, further increasing persistence and making bulk disclosure easier. Even if the original logs are local-only, generating a consolidated export lowers the barrier to accidental sharing, theft, or misuse of previously captured inputs.

Ssd 3

Medium
Confidence
95% confidence
Finding
Persistent logging of arbitrary plain-language inputs encourages users to record free-form operational details, code review notes, fixes, and validation results that may contain secrets or sensitive internal information. Because these entries are retained locally and organized for later retrieval, any local compromise, shared account access, or accidental disclosure becomes more damaging.

Ssd 3

Medium
Confidence
96% confidence
Finding
Export, search, and recent-history commands make previously logged content easy to aggregate and surface in bulk, amplifying the harm of any sensitive data already stored. In context, these retrieval features are especially risky because the skill accepts arbitrary user text across many commands and keeps a unified activity history.

Ssd 3

Medium
Confidence
97% confidence
Finding
The tool records free-form user inputs and then exposes built-in commands to search, print recent entries, inspect status, and export the archive, forming a straightforward data-discovery and exfiltration workflow. In the context of a misleadingly described Git helper, this is more dangerous because users are likely to supply development-related content that may include proprietary or sensitive information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.