Back to skill

Security audit

Ln Tool

Security checks across malware telemetry and agentic risk

Overview

This is a simple local link-creation skill with expected filesystem effects and no evidence of hidden network, credential, or background behavior.

Install only if you want an agent to create local filesystem links. Check target and link paths carefully, avoid force replacement unless you intend to replace the destination, and note that the included Python script appears to support symbolic links only despite broader documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation mentions `-f` force creation but does not clearly warn that it may remove or replace an existing destination. In an agent or automated context, this omission can lead users to invoke destructive behavior unintentionally, causing data loss or overwriting important files or links.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.