Back to skill

Security audit

kipris-cli

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate KIPRIS search CLI, but it sends the user's API key and search terms over plain HTTP by default.

Review before installing. Use a low-privilege or quota-limited KIPRIS key, prefer KIPRIS_PLUS_KEY over passing --key on the command line, and set KIPRIS_BASE to an HTTPS endpoint if the service supports it. Treat API keys and searches as potentially visible on the network until the publisher changes the default transport and documents credential handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation describes executable capabilities that perform network access to an external API and invocation via shell commands, but no declared permissions are present. This creates a permission mismatch: agents or users may run a skill with broader operational behavior than its manifest communicates, weakening review, sandboxing, and policy enforcement.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script defaults KIPRIS_BASE to an http:// URL and later appends the API key as a query parameter in the request URL. That exposes the credential to interception by any network observer or intermediary and may also leak it via proxy, access, or diagnostic logs. In a CLI skill intended for patent/IP searches, users are likely to run it on shared corporate or cloud networks, which makes silent plaintext credential transport especially risky.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code reads the API key from environment variables or --key and injects it directly into the outbound request without any user-facing disclosure about how the secret is transmitted. Because the key is placed in the URL, it can be exposed through shell history (if passed via CLI), process inspection, logs, proxies, and error traces, compounding the risk beyond normal secret handling. The surrounding skill context does not justify this behavior; this is a general-purpose integration where safer transport and disclosure are expected.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.