Security audit

Paraphraser

Security checks across malware telemetry and agentic risk

Overview

The paraphrasing skill mostly matches its stated purpose, but it also bundles an unrelated local data-management script that stores user text and command history without clear disclosure.

Review before installing. The main paraphrasing helper appears purpose-aligned, but the extra scripts/script.sh can retain text locally and later list, search, or export it. Avoid passing sensitive drafts to that script, or remove/ignore it unless you intentionally want local record storage.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The skill is presented as a text paraphrasing utility, but the implementation is a generic local record/log management CLI that stores and exposes user-provided data. This semantic mismatch is dangerous because users, orchestrators, or security reviewers may grant the skill access under false assumptions, leading to unintended local data collection and disclosure through commands like add, list, search, and export.

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: The inline documentation explicitly describes the tool as a 'Multi-purpose utility tool,' which contradicts the narrow paraphrasing description in the skill metadata. In an agent skill ecosystem, this kind of misleading documentation increases the chance that the tool will be invoked in contexts where users do not expect file-backed storage and record-management behavior.

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The script logs command arguments to a local history file without clearly warning the user. This can inadvertently persist sensitive text supplied to the skill, which is particularly concerning in a paraphrasing context where users may submit drafts, proprietary content, or personal data.

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The add command writes arbitrary user input directly to a persistent local data file and echoes it back, with no disclosure that submitted content will be retained. In the context of a purported paraphrasing skill, users are likely to provide sensitive text, making silent persistence an avoidable privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.