Back to skill

Security audit

Ebook

Security checks across malware telemetry and agentic risk

Overview

This is a local ebook tracker that stores and edits a private JSONL library file, with no evidence of network access, credential use, hidden behavior, or unrelated system access.

Install only if you are comfortable with a local script creating ~/.ebook/data.jsonl and storing reading history, highlights, and reviews there. Back up that file before using delete or bulk update/export commands, and review any export path because it can write to the file location you provide.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises and documents file read/write behavior and likely environment access, but it does not declare any permissions or boundaries for those capabilities. This creates a transparency and governance gap: an agent or user may invoke the skill without understanding that it can read from and write to local storage, increasing the risk of unintended file access or modification.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The manifest uses broad activation wording like 'Use when cataloging books, logging reading sessions, or organizing digital libraries' without clear limits, exclusions, or user-confirmation requirements. Overbroad routing can cause the skill to be selected in contexts where file-modifying behavior is not expected, increasing the chance of unintended local data changes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation includes a delete command that removes ebook records by ID, but it provides no warning, dry-run mode, confirmation prompt, or recovery guidance. In a file-backed local datastore, accidental or misrouted deletion can permanently remove records, sessions, highlights, and related metadata if users or agents invoke it incorrectly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.