Back to skill

Security audit

LYGO Second Brain

Security checks across malware telemetry and agentic risk

Overview

This skill is a local note-vault assistant with disclosed local writes, Ollama use, and git commits, and it explicitly limits publishing or pushing without consent.

Install only if you are comfortable letting an agent read and write the configured local vault and create local git commits there. Keep secrets out of the vault, use local Ollama unless you explicitly approve a remote model endpoint, and do not approve git push, publishing, or permaweb actions unless you have reviewed the resulting content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- Cloud-only Kimi/Claude as primary (optional fallback only)
- Autonomous overnight `/dream` v1 (not shipped — build after ingest+index stable)
- Auto `git push`, ClawHub publish, or kernel egg plant without consent

## Setup
Confidence
75% confidence
Finding
without consent

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.