Test Publish Check

Security checks across malware telemetry and agentic risk

Overview

The checklist skill is mostly release-focused, but it includes an under-documented extra script that silently stores user input in local files.

Review before installing. The main checklist prompts look low risk, but avoid passing secrets, customer data, production identifiers, or sensitive deployment details to scripts/script.sh, and check or remove its local data directory if you run it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The _log function persistently records command arguments to history.log without disclosure, which can capture sensitive user input such as tokens, file paths, internal identifiers, or other operational data. In an agent skill context, users may pass secrets as arguments during automation, making silent retention more dangerous because it creates a local artifact that can later be read by other processes or users with filesystem access.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The add command writes arbitrary user-provided content into a persistent local database file without warning, which can unintentionally store secrets or sensitive operational notes indefinitely. Within a skill execution environment, this is more dangerous because users may assume a transient command but instead create durable local records that may be exposed through backups, shared home directories, or later export/list operations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal