Security audit

Golang

Security checks across malware telemetry and agentic risk

Overview

This package is not malware, but it is marketed as Go build/test tooling while actually saving user-entered text into persistent local logs that can be searched and exported.

Install only if you want a local Go-related activity log, not a tool that actually builds, tests, lints, or formats projects. Avoid entering secrets, confidential code snippets, customer data, or private incident details because entries are saved under ~/.local/share/golang and can later be searched or exported.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill metadata and description claim Go build/test/lint/format functionality, but the documented behavior is a generic persistent logging and export utility. This mismatch is dangerous because users or higher-level agents may invoke it expecting bounded Go tooling, while it actually captures arbitrary input, stores it long-term, and exposes it through search/export/report features.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest advertises a development tool for compiling, testing, linting, and formatting Go code, but the file describes an offline audit/logging system instead. In agent environments, this kind of deceptive scope expansion undermines trust boundaries and can cause sensitive prompts, code details, or operational notes to be stored when the caller expected ordinary build tooling.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The command set includes many generic capabilities such as explain, convert, template, diff, preview, fix, report, search, export, and recent that go well beyond a focused Go tooling skill. Broadening scope in this way increases the chance that the skill will be used to collect, retain, and later disclose unrelated data under the guise of a benign developer utility.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill claims to be Go dev tooling but adds broad local logging, search, export, and reporting features that are not required for building, testing, linting, or formatting code. Those extra capabilities create unnecessary data retention and disclosure pathways, especially if users paste build output, source snippets, secrets, or internal project details into command arguments.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The title and introductory text present the skill as a developer logging/audit toolkit, directly contradicting the manifest's representation of Go build/test/lint/format functionality. This inconsistency is security-relevant because callers may rely on manifest metadata for risk decisions, while the body quietly reveals a different, broader behavior involving persistent local storage.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill’s declared purpose is Go build/test/lint/format tooling, but the implementation instead captures arbitrary user input and stores it in local logs. This mismatch is dangerous because users may provide source code, secrets, paths, or build context expecting normal tooling behavior, while the skill silently retains unrelated data and does not perform the promised function.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script adds persistent storage, export, search, and activity-history features that are not necessary for a Go developer utility. These capabilities increase the chance that sensitive user inputs are collected, retained, and later exposed through local inspection or bulk export, expanding the data exposure surface without a valid need.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Commands such as explain, convert, template, diff, preview, fix, and report are outside the stated Go build/test/lint/format scope and suggest the skill is broader than advertised. Scope inflation is risky in agent skills because it encourages users to send arbitrary content to commands that merely persist inputs, creating unnecessary collection of potentially sensitive material.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This code writes user-supplied command arguments directly into persistent log files without a clear warning or consent mechanism. In the context of a developer tool, those arguments may contain code snippets, repository details, internal paths, tokens, or other sensitive data, so silent retention creates a privacy and data-handling vulnerability.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The export feature aggregates all stored log contents into new files, making it easier to duplicate and expose previously captured sensitive inputs. Because users are not clearly warned that their inputs are retained and later exportable, this significantly increases the chance of accidental disclosure or misuse.

Ssd 3

Medium
Confidence
97% confidence
Finding
The documentation explicitly says all operations are logged with timestamps and stored locally for traceability, which means arbitrary user-provided content may be persisted without meaningful scope controls. In agent settings, users often provide sensitive natural-language context, code fragments, paths, tokens, or incident details that should not be silently retained or made discoverable later.

Ssd 3

Medium
Confidence
98% confidence
Finding
The command semantics state that provided input is saved verbatim to per-command logs and to a shared history log, then later displayed when queried. Verbatim persistence and replay of free-form input creates a straightforward mechanism for collecting and disclosing sensitive content that users may have supplied for one-time operational tasks.

Ssd 3

Medium
Confidence
96% confidence
Finding
Search, recent, and export features are described as exposing accumulated logged entries across all commands, which turns any previously stored sensitive input into easily retrievable output. This increases the blast radius of a single mistaken paste because the data can be enumerated, searched, and exported in bulk rather than remaining isolated to one command invocation.

Ssd 3

High
Confidence
99% confidence
Finding
The tool systematically records user-provided inputs across many commands and provides convenient search, reporting, and export workflows over that data. In a skill presented as Go tooling, this is especially dangerous because users are likely to provide development artifacts and operational details they do not expect to be archived, turning the skill into a covert local data collection mechanism.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.