Back to skill

Security audit

BrainRepo

Security checks across malware telemetry and agentic risk

Overview

BrainRepo is a disclosed local Markdown knowledge-base skill, with real privacy and accidental-capture risks that users should supervise.

Install only if you want an agent-managed Markdown repository at ~/Documents/brainrepo/. Review captures before saving, avoid storing secrets or unnecessary sensitive personal details, confirm deletes and cleanup actions, and verify any Git remote is private and correct before allowing git push.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

High
Confidence
94% confidence
Finding
The trigger list includes very generic phrases like 'remember', 'note', and 'capture', which are likely to appear in normal conversation and can cause the skill to activate when the user did not intend to modify persistent storage. In this skill’s context, unintended activation is more dangerous because the skill writes user content to a fixed filesystem location and may create durable records from incidental or sensitive chat content.

Vague Triggers

Medium
Confidence
92% confidence
Finding
Automatically running onboarding on 'first interaction' is ambiguous and allows filesystem-changing behavior without a clear, explicit user request. In this skill, the onboarding path creates directories and may initialize a git repository, so accidental activation can make persistent local changes and introduce unintended versioning metadata.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill describes onboarding steps that create a directory tree and optionally run 'git init', but it does not provide a prominent user warning that these are local filesystem modifications with persistence implications. In a note-taking skill that stores potentially sensitive personal information, lack of upfront disclosure increases the risk of users unknowingly allowing writes, repo creation, and later accidental exposure of captured data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The guide explicitly encourages storing personal relationship data, important dates, interaction logs, and potentially health or medical information, but provides no privacy, consent, minimization, retention, or access-control guidance. In a markdown-and-Git-based repository, this can easily lead to over-collection of sensitive personal data and accidental exposure through sync, sharing, backups, or commits.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The workflow uses broad natural-language capture phrasing like telling the AI to save content, without requiring a strong activation boundary or confirmation step. In an agent context, ordinary conversation, quoted text, or third-party content could be misinterpreted as a command, causing unintended note creation and persistence of potentially sensitive or irrelevant information.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The 'New project: [name]' trigger is underspecified and directly maps free-form input into filesystem actions. Without explicit activation constraints and validation, accidental phrasing or manipulated content could create unwanted directories/files, pollute the repo, or enable unsafe path/name handling in downstream implementations.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The person-creation flow allows a vague natural-language command to create a durable record about an individual. This increases the risk of accidental note creation from casual discussion and can also capture sensitive personal data without clear consent or review, which is more dangerous in a personal knowledge repository that is later committed and pushed via Git.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The 'Save this link' trigger is broad and can be activated by normal conversation or by pasted content containing URLs. In this skill's context, automatic persistence to markdown and later Git commits amplify the risk of storing malicious, sensitive, or unintended links and notes, creating both privacy and repository-hygiene issues.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.