Chonkie DeepResearch

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Chonkie research helper, but users should avoid letting it create lingering cron status checks unless they explicitly want that.

Install only if you trust the Chonkie CLI and service. Keep the API key private, avoid sensitive research queries unless Chonkie is an acceptable destination, prefer the sub-agent wait flow over cron, and require explicit confirmation before creating cron jobs or deleting reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill explicitly instructs the agent to create a cron job for periodic status checks, which introduces persistent scheduled execution beyond the core one-shot research/reporting capability. Even if framed as convenience, persistence expands the agent's operational scope, can outlive the user task, and may create unauthorized background activity or notification loops.

VirusTotal

63/63 vendors flagged this skill as clean.
