Back to skill

Security audit

botauth

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed botauth vault helper for agent secret retrieval, with a minor documentation mismatch around optional secret creation.

Install this only if you trust the botauth CLI and want agents to request credentials from your local vault. Keep the vault locked when not needed, approve only task-specific prompts, and avoid writing secrets into long-lived files unless the task clearly requires it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest describes the skill as being limited to listing, searching, and retrieving secrets, but the documentation also instructs the agent to create new secrets with `botauth add`. This scope mismatch is dangerous because agents, reviewers, or policy engines may grant the skill read-oriented trust while the actual documented behavior includes a write-capable operation that can alter the user's vault and trigger unintended credential creation flows.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
Documenting `botauth add` expands the effective command surface beyond the manifest's stated read-only secret access operations. Even though `add` requires a desktop flow, the discrepancy weakens least-privilege assumptions and can cause an agent to solicit or initiate credential creation in contexts where only retrieval was expected.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.