Security audit

Local Hub

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a local-device automation helper, but it exposes camera, microphone, clipboard, notifications, and local script execution without enough consent and scoping detail.

Review this skill before installing. Only use it if you trust the publisher and understand that it can access local device sensors, read or change clipboard contents, send notifications, and run local scripts. Require explicit approval before camera, microphone, clipboard, or script actions, and verify that script execution is narrowly allowlisted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill advertises access to highly sensitive local capabilities including microphone, camera, clipboard, notifications, and local script execution, but it does not present strong user-facing consent, privacy, or system-impact warnings inline with those capabilities. In an agent setting, this increases the chance that sensitive sensors or execution paths are invoked without the user clearly understanding that real local resources and data are being accessed or modified.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The camera snapshot instructions directly provide a one-shot command to capture an image from the local camera without an explicit warning that this will activate the camera and save an image on disk. That omission is risky because an agent or user may treat it like a harmless diagnostic call rather than a privacy-sensitive sensor access.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The clipboard section shows both read and write operations but does not clearly warn that invoking these endpoints can exfiltrate sensitive copied data or overwrite the user's current clipboard contents. Clipboard contents often contain passwords, tokens, private messages, or confidential text, so silent access is privacy-impacting.

Missing User Warnings

High

Confidence: 99% confidence
Finding: The script-execution example exposes a local code-execution path and does not prominently warn that it runs executable scripts on the user's machine. Even with an allowlist, this is a powerful capability that can modify files, invoke system tools, or chain into broader compromise if the allowlist or parameters are weakly controlled.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal