Back to skill

Security audit

Switchgear

Security checks across malware telemetry and agentic risk

Overview

This is a small local switchgear record manager that persists its own entries and settings, with no evidence of network access, credential use, or hidden execution.

Install only if you are comfortable with a shell script creating ~/.switchgear, storing entries and settings there in plain text, deleting stored entries when remove is used, and overwriting switchgear-export.json or switchgear-export.csv in the current directory during export. Avoid storing secrets in entries or config values.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The implementation materially diverges from the stated skill purpose: instead of managing switchgear specifications or structured JSON/CSV switchgear tasks, it acts as a generic local logging and configuration utility. In an agent ecosystem, this kind of capability mismatch is dangerous because it can mislead operators and higher-level orchestration into supplying sensitive task data that gets stored locally, searched, exported, or modified in ways unrelated to the declared functionality.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The documentation exposes data-writing and destructive actions such as remove and export without warning users that these operations modify local state or may overwrite files, increasing the chance of accidental data loss. In an agent setting, vague destructive commands are risky because an LLM may invoke them without sufficient confirmation or path validation.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The invocation guidance is broad and underspecified, which can cause an agent to select this skill in situations outside its intended scope and trigger unnecessary local file operations. Ambiguous activation criteria are dangerous in tool-using systems because they expand the chance of unintended reads, writes, exports, or deletions from loosely related user requests.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.