Back to skill

Security audit

Knowledge Chat

Security checks across malware telemetry and agentic risk

Overview

This skill is a knowledge-base chat helper whose network calls, API keys, and selected file/image handling match its stated purpose, but users should treat it as an external-data-sharing tool.

Install only if you are comfortable sending selected prompts, retrieved knowledge content, and uploaded images/files to external AI or knowledge-base APIs. Use scoped API keys from environment variables or a secrets manager, verify configured endpoints, and avoid using confidential documents or screenshots unless your organization permits that data to leave the local environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The README defines activation triggers in very broad terms such as connecting to knowledge systems, searching, conversing, and retrieving information, which overlap with many common assistant tasks. In an agent environment, this can cause the skill to be invoked unintentionally, exposing external connectors, search behavior, or attachment-handling capabilities in contexts where they were not explicitly requested.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill description promotes external knowledge-base connectivity and use of third-party AI services, but does not warn users that their prompts, files, or retrieved content may be transmitted externally. In a knowledge-chat context, users are especially likely to submit proprietary documents and internal data, so omission of this disclosure materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The method reads an arbitrary local image file, base64-encodes it, and sends the full contents to a remote multimodal API without any consent prompt, disclosure, policy check, or data-classification guard. In a knowledge-assistant context, users may assume local analysis, so this creates a real confidentiality and privacy risk if sensitive screenshots, documents, or internal diagrams are uploaded unintentionally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.