Security audit

Registration

Security checks across malware telemetry and agentic risk

Overview

This is a local-only registration logging script with vague and partly broken commands, but no evidence of network exfiltration, credential access, destructive behavior, or hidden privilege use.

Install only if you are comfortable with registration or attendee details being stored locally under ~/.local/share/registration. Verify the installed registration command matches this script, and do not assume the vague commands perform real capacity checks, conversions, or reports without testing them first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The documented capabilities extend beyond attendee registration into generic text ingestion, log review, filesystem status reporting, and bulk export of stored content. In an agent setting, that broader scope increases the risk of collecting, retaining, and exposing sensitive local information under the cover of a registration skill, especially because several commands accept arbitrary input and produce reports from local data.

Intent-Code Divergence

High
Confidence
83% confidence
Finding
The help text promises specialized export and status behavior, but earlier branches of the case dispatch define broad logging handlers for the same command names, making the real export/status implementations unreachable. In a registration-data context, this discrepancy can mislead operators about what data is being handled and retained, causing accidental storage of sensitive attendee information when they expected a safe read-only or format-conversion action.

Vague Triggers

Medium
Confidence
81% confidence
Finding
Multiple commands are described with one-word labels like 'Run', 'Check', 'Convert', and 'Analyze', which obscures what data they consume, what actions they perform, and what they write to disk. In an agent ecosystem, ambiguous command semantics are dangerous because they make it easy to invoke powerful or privacy-impacting behavior without informed review or appropriate policy controls.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script persistently stores raw user-provided input and activity history under ~/.local/share/registration without consent, minimization, or any sensitivity warning. Because this skill is supposed to manage registration and attendee data, inputs may contain names, emails, phone numbers, or other personal data, creating privacy and local data-exposure risk if the workstation or account is shared or later compromised.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The export routine materializes all accumulated log data into export files on disk, increasing the number of copies of potentially sensitive registration records. In this skill context that is more dangerous because registration workflows commonly involve attendee PII, and the export formats here do not include any access control, redaction, or user warning before creating additional recoverable files.

VirusTotal

65/65 vendors flagged this skill as clean.