Back to skill

Security audit

AI 토큰세이버

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate remote context-saving skill, but it needs review because it can send and persist user text and search queries with weak disclosure and broad activation triggers.

Review before installing. Use it only if you are comfortable sending saved context and search queries to TokenSaver's external service, and avoid storing secrets, credentials, customer data, regulated data, or private project material unless the service's retention and privacy terms are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes broad phrases like "컨텍스트 저장", "메모리 검색", and "프롬프트 최적화" that can plausibly appear in normal user requests unrelated to this specific tool. That increases the chance of unintended invocation, which is more concerning here because the skill is tied to an external API and storage/search of user-provided content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to obtain an API key from an external service and use save/search operations, but it does not warn that stored content and queries may be transmitted to and retained by that third-party service. In a memory/context tool, this omission is dangerous because users may submit sensitive project data, plans, or internal text without informed consent about external handling.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The manifest registers very broad Korean trigger phrases such as '토큰 절약', '컨텍스트 저장', and '메모리 검색', which are generic concepts likely to appear in normal user requests. This can cause overbroad or unintended skill activation, letting the skill intercept conversations outside a clearly scoped context and potentially influence handling of prompts or memory operations.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The description states '한국어 Context DB,' which suggests a Korean-language context or locale assumption without any indication that the user opted into that behavior. Forcing or biasing language/context selection can mis-handle user data, degrade relevance for non-Korean users, and create confusing or privacy-impacting routing of prompts and memory lookups.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The save() method transmits arbitrary user-provided content to a third-party service at api.tokensaver.ai, but the code and CLI do not provide an explicit user-facing disclosure or confirmation at the point of transmission. This creates a privacy and data-handling risk because users may unknowingly send sensitive project notes, credentials, or internal business data off-system.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The search() method sends user queries to an external API without clear notice that the query leaves the local environment. While search terms are typically lower sensitivity than full memory content, they can still reveal confidential project names, customer identities, or internal topics.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.