Back to skill

Security audit

enzoldhazam

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed thermostat-control helper, with expected credential and install risks but no artifact-backed evidence of hidden or malicious behavior.

Install only if you trust the publisher and need this thermostat integration. Prefer macOS Keychain login over exporting a password in your shell, avoid putting credentials in shell history or CI logs, and verify any requested room and temperature before allowing set commands. Use a user-local install path instead of sudo when practical.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs users to supply credentials through environment variables, but the manifest does not declare any permissions or clearly constrain secret handling. Undeclared access to environment-based secrets is risky because it can normalize secret exposure and makes it harder for a platform to enforce least privilege or warn users appropriately.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to export a plaintext password in environment variables without any warning about exposure risks. Environment variables can be leaked through shell history, process inspection, logs, crash reports, CI output, or inherited subprocesses, so normalizing this practice increases the chance of credential compromise.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The activation description is broad enough to trigger on general conversation about temperature or heating, not just explicit thermostat-control requests. In a skill that can change physical device state, overbroad invocation increases the chance of unintended tool use and accidental thermostat changes based on ambiguous user intent.

Credential Access

High
Category
Privilege Escalation
Content
| `enzoldhazam status --json` | JSON output for parsing |
| `enzoldhazam get <room>` | Get specific room details |
| `enzoldhazam set <room> <temp>` | Set target temperature |
| `enzoldhazam login` | Save credentials to Keychain |
| `enzoldhazam logout` | Clear stored credentials |

## Examples
Confidence
80% confidence
Finding
Keychain

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.