Focus

Security checks across malware telemetry and agentic risk

Overview

Focus is a local command-line productivity logger that stores user-entered notes on the machine, with no evidence of network upload or hidden behavior.

Install if you are comfortable with Focus keeping your productivity entries as local plaintext logs under ~/.local/share/focus. Avoid storing passwords, API keys, regulated client data, or other secrets, and periodically export or delete the data directory according to your own retention needs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly advertises automatic history and activity logging, but provides no warning about what is retained, how long it is kept, or that potentially sensitive productivity data may accumulate on disk. In a logging tool that stores timestamps and user-entered content, this can expose private work patterns, plans, and notes to other local users, backups, or later exfiltration.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal