Back to skill

Security audit

Mind Security

Security checks across malware telemetry and agentic risk

Overview

This security-scanning skill is coherent and user-invoked, but users should understand that selected text, media, and URLs may be sent to named third-party services.

Install only if you are comfortable sending the specific text, media, and URLs you choose to scan to the named providers. Avoid scanning secrets, regulated content, private media, tokenized links, or internal incident-response URLs unless third-party processing and possible provider retention are acceptable. Set only the API keys needed for the modules you plan to use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no explicit permissions, but its documented behavior clearly requires access to environment variables, local files, and outbound network connections. This mismatch weakens review and containment because consumers may not realize the skill can read API keys and transmit user-supplied content to third-party services. In a security-focused skill, undeclared capabilities are especially risky because users may provide sensitive text, URLs, or media for scanning.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to submit arbitrary text to the third-party GPTZero API but does not explicitly warn that the text leaves the local environment and may contain sensitive, regulated, or proprietary data. In a security-focused skill, this omission is more concerning because users may reasonably assume analysis is privacy-preserving unless clearly told otherwise.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation explicitly says the service will download user-supplied image URLs server-side and even accepts arbitrary URLs, but it does not warn users that submitted content is transmitted to a third-party service and fetched by that service. This creates a real privacy and data-handling risk, especially if users submit sensitive, private, or access-controlled media links under the mistaken assumption analysis is local or ephemeral.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation states that social media URLs are accepted natively and that the API extracts and downloads the video server-side, but it omits any warning that third-party content is being transferred to and processed by an external service. This is a genuine privacy/compliance issue because users may submit personal or copyrighted social media content without understanding the data transfer and retention implications.

Missing User Warnings

High
Confidence
98% confidence
Finding
The pipeline states that media is uploaded to R2 storage in the background, but the documentation does not clearly warn users that submitted files may be retained after analysis. Silent retention of potentially sensitive images or videos materially increases privacy, confidentiality, and regulatory exposure, making this more severe than a generic external-transfer concern.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends the full user-supplied text to GPTZero's remote API for analysis, but the CLI does not present a clear, immediate warning that input content will leave the local environment. This is a genuine privacy and data-handling risk because users may submit sensitive prompts, documents, or proprietary text believing the tool is purely local.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script sends user-provided local media files and arbitrary URLs to the external BitMind API, which can expose sensitive file contents or internal-only URLs to a third party. While this behavior is central to the tool's purpose, the code provides no explicit consent prompt or just-in-time disclosure at the transmission point, so users may unintentionally exfiltrate private data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This script submits user-provided URLs to external services including VirusTotal, URLScan.io, and Google Safe Browsing, which can disclose sensitive internal, pre-release, or otherwise private URLs to third parties. In a security-scanning skill this behavior is expected, but the absence of an explicit warning or opt-in makes accidental data leakage plausible, especially when analysts scan non-public infrastructure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
references/prompt-injection.md:9