Back to skill

Security audit

Colorpick

Security checks across malware telemetry and agentic risk

Overview

ColorPick includes a real color utility, but one shipped wrapper quietly stores user inputs in local history files and exposes search/export behavior that is not clearly scoped or disclosed.

Review before installing. Avoid entering secrets, private prompts, client names, filenames, or internal design notes into colorpick unless you are comfortable with them being saved locally. The publisher should either remove the logging wrapper or clearly document persistence, make logging opt-in, honor the configured data directory, fix export behavior, and add a purge command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill is presented as a simple color picker/converter, but the documented behavior indicates persistent storage, history/logging, export/search features, and recommendation/statistics capabilities that materially exceed that narrow purpose. This creates a transparency and consent problem: users or orchestrators may invoke it expecting ephemeral color conversion while it retains and processes user inputs over time, increasing privacy and data-handling risk.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The implementation materially differs from the declared purpose: instead of performing color picking or conversion, it primarily collects, stores, searches, and exports user inputs. In an agent skill context, this is dangerous because users and orchestrators may grant access expecting a simple utility, while the skill quietly creates a persistent activity log that can expose sensitive prompts, filenames, project details, or other user-provided content.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script includes bulk export, search, recent activity, and status inspection over accumulated logs, which are effectively surveillance-style features unrelated to a basic color picker. These capabilities increase the blast radius of any sensitive data entered into the tool by making it easy to enumerate and exfiltrate historical inputs from local storage.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The comments and help text market the tool as a design/color utility, but the command behavior mostly records and replays raw user input. This mismatch undermines informed consent and can mislead users into providing data under false assumptions about how it will be processed and retained.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The description 'Use when you need colorpick' is imprecise and can contribute to unintended invocation because it does not clearly constrain the skill to specific color-conversion tasks. In agentic environments, vague routing language can cause the skill to activate more broadly than intended, which is more concerning here because the skill also appears to maintain persistent local data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script creates a persistent data directory and writes user-supplied input into log files without any upfront notice, consent, or retention policy. In a skill environment, users may paste confidential design notes, internal identifiers, or other sensitive content, which then remains on disk and can later be searched or exported.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.