Back to skill

Security audit

Warehouse

Security checks across malware telemetry and agentic risk

Overview

This is a local warehouse-style CLI that stores user-entered command data in plain-text local files, with privacy cautions but no evidence of exfiltration, credential theft, or destructive behavior.

Install only if you are comfortable with a local CLI keeping plain-text history under `~/.local/share/warehouse`. Do not enter passwords, API keys, customer data, or confidential queries, and periodically inspect or delete the stored logs if you no longer need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The invocation description is broad and generic enough that an agent may select this skill in situations where the user did not intend data persistence or export-capable tooling. Unintended activation matters here because the skill writes to local storage and maintains history, so accidental use can create unnecessary data residue.

Missing User Warnings

Low
Confidence
93% confidence
Finding
The markdown documents output and configuration but does not prominently warn that the tool stores data locally and supports export behavior. Users or agents may therefore treat the tool as transient/stdout-only, overlooking privacy, retention, and accidental disclosure risks from files written under the default data directory or exported elsewhere.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script stores arbitrary user-provided input persistently under ~/.local/share/warehouse without explicit disclosure, consent, retention controls, or sensitivity checks. In an agent-skill context, users may pass secrets, queries, internal data, or credentials assuming one-shot processing, creating a real privacy and data exposure risk if the local files are later read, backed up, or exported.

Ssd 3

Medium
Confidence
93% confidence
Finding
The tool is designed to record user inputs in plain-text logs and then re-export them in bulk, including potentially sensitive content from commands such as query, profile, schema, and pipeline. In this skill context, that makes the behavior more dangerous because agent users often supply operational or proprietary data, and plain-text accumulation plus export materially increases the chance of unintended disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.