Back to skill

Security audit

Clinkding - Linkding Bookmark Integration

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Linkding bookmark-management skill, but users should protect their API token and avoid automatic URL summarization for private links.

Install only if you trust the clinkding upstream CLI and your Linkding instance. Keep the API token private, prefer protected config or environment-based secrets over command-line token flags, review delete/archive/upload/download actions before approving them, and avoid automatic summarization for internal, private, or token-bearing URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill’s core purpose is bookmark management, but it instructs the agent to invoke an external summarization capability on arbitrary user-supplied URLs before saving them. That expands the skill’s data-handling scope and can disclose user-provided links and fetched page contents to another tool or service without an explicit need-to-know or consent boundary.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The skill hard-codes instance-specific tagging policy, personal taxonomy, and collection heuristics into what is presented as a general bookmark-management skill. This can cause an agent to make unauthorized organizational decisions on behalf of the user, leak assumptions about a specific user’s environment, and behave incorrectly or invasively in other deployments.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents permanent deletion of bookmarks and assets without any warning, confirmation pattern, or guidance to verify user intent. In an agent context, that increases the risk of accidental destructive actions from ambiguous prompts or automation errors, causing irreversible data loss.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill instructs users to store and pass API tokens via config files, environment variables, and CLI flags, but it provides no warning about credential exposure risks. Tokens in shell history, process lists, logs, or improperly protected config files can be stolen and used to access or manipulate the user’s bookmark instance.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow explicitly tells the agent to send user-provided URLs to an external summarization skill without disclosing that this may reveal private, sensitive, or internal URLs and fetched content to another component or third party. In a bookmarking context, saved links may include confidential work resources, personal documents, or unlisted pages, making silent forwarding especially risky.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.