Project Sharing System

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local project-status sharing tool, but it should be installed only in a trusted workspace because it writes persistent files and runs local helper scripts for sync and backup.

Install this only where local project state, history, and backups are acceptable to persist. Review or reset the bundled projects_status.json before relying on it, and do not let untrusted users modify the installed scripts or project data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The CLI imports child_process and later executes additional local code paths (`update_project_status.js`) during normal write operations, which expands the skill from simple project-state management into arbitrary local code execution. In an agent environment, this is dangerous because a modified workspace script can run with the caller's privileges whenever JSON is written or synced, creating an unexpected execution surface.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The `sync` command automatically executes `auto_backup.sh` via `bash` if the file exists, without validation or prior user consent. Any attacker who can place or modify that script in the expected location gains code execution during a routine sync operation, which is especially risky in shared agent workspaces.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill states that installation will automatically create files, configure a CLI command, and enable automatic backups, but it gives no warning about filesystem modifications, storage growth, or where these artifacts will be written. Silent persistence and backup behavior can surprise users, overwrite existing project data, or create unintended disclosure and retention risks in multi-agent/shared environments.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill runs a backup subprocess automatically after `sync` without warning in help text or before execution, creating a hidden side effect. Hidden execution is dangerous because users and higher-level agents may treat `sync` as a data operation, while it actually launches arbitrary shell code if a script is present.

VirusTotal

65/65 vendors flagged this skill as clean.
