Security audit

Plume NoteCard

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Plume notecard-generation skill, with normal privacy cautions because it sends user text/images to Plume and keeps local task history.

Install only if you are comfortable sending the notecard content and reference images you choose to process to Plume. Use a revocable PLUME_API_KEY, avoid sensitive documents unless that is acceptable, and review any .plume-notecard/EXTEND.md or ~/.plume-notecard/EXTEND.md before use because it can affect API and storage behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Low
Confidence: 72%
Finding:
The history command exposes operational logs keyed only by an optional channel string, with no authorization or ownership check shown in this script. If multiple users or tenants share the environment, a caller may be able to enumerate or retrieve prior task metadata, result URLs, local file paths, and task IDs, causing cross-session information disclosure.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The trigger phrases include broad, everyday terms like 'card', 'diagram', and 'image slides', which can cause the skill to activate in contexts unrelated to this service. Over-broad activation increases the chance of unintended execution paths, unnecessary access to user content, and accidental external API calls or file handling.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The manifest instructs activation on broad mentions without clear exclusions, making invocation ambiguous and increasing the likelihood of the skill being selected when the user intended something else. In this skill, accidental invocation matters because it can lead to reading prior images, checking environment configuration, and preparing external service operations.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The workflow shows users uploading sketches/notecards and the agent sending them through `transfer`/`create`, but it omits any disclosure that images, article text, generated assets, and related metadata may be transmitted to external services and retained. In a content-generation skill handling user-provided files and text, this creates a real privacy and consent risk because users may unknowingly submit sensitive documents or images.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The history examples explicitly retrieve prior task metadata and image paths by channel, but they provide no warning that this history is retained or reusable in later operations. That is a genuine data-governance issue because users may not expect persistent storage of generated asset paths, task IDs, and prior content context, which can expose sensitive workflow traces or enable unintended reuse.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The module explicitly records complete operation parameters and results for notecard creation and retry flows, and the code persists the full entry/update payloads to a JSON file without any filtering, minimization, redaction, retention controls beyond simple FIFO length, or user disclosure. In this skill context, those parameters/results may contain long-form user text, image references, product images, or other potentially sensitive content, creating a privacy and data exposure risk if the log files are accessed by unauthorized parties or reused beyond the original purpose.

VirusTotal

67/67 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.