Snippets Sync

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Markdown snippet vault helper, with syncing and persistence clearly tied to its purpose.

Use this only with a dedicated snippets or notes folder. Do not point SNIPPETS_VAULT_PATH at your home directory, password stores, SSH keys, or repos containing secrets. Because synced Markdown can spread to other machines, use backups or versioning if overwrites or conflicts would matter.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The README promotes bidirectional sync of snippets and notes across machines but does not warn users that edits propagate automatically and may overwrite content, replicate mistakes, or expose sensitive notes/snippets to every synced device. In a tool centered on shared vault files, this omission can cause users to store credentials, tokens, or private notes in markdown and unintentionally distribute them broadly through Syncthing/rsync-style replication.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal