Back to skill

Security audit

Tmp.6gM3W253b8

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned for Credit Karma finance queries, but it asks users to expose live session cookies and persist private financial data without enough scoping or warnings.

Only install this if you intentionally want an agent to access Credit Karma transaction data. Treat CK_COOKIES and copied Cookie headers like passwords, avoid storing them in plain .env files when possible, confirm where the SQLite database is written, and use the tools only for explicit Credit Karma requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger language is broad enough to activate on generic personal-finance requests, which can cause the agent to invoke a highly sensitive financial-data skill outside a clearly scoped Credit Karma context. In this skill, over-broad routing is more dangerous because the tool can access account transactions and authentication material, increasing the chance of unnecessary exposure of sensitive data.

Missing User Warnings

High
Confidence
94% confidence
Finding
The skill instructs users to provide or persist highly sensitive session cookies and sync private financial transaction data, but it does not prominently warn about the risks of credential theft, local persistence, or exposure of financial records. In this context, missing warnings materially increase the likelihood that users will paste live session tokens or store them insecurely without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.