Back to skill

Security audit

Security Health Check

Security checks across malware telemetry and agentic risk

Overview

This security-check skill is not malware, but it needs Review because it handles passwords and email addresses while misstating privacy details and including under-scoped enterprise social-engineering plans.

Install only if you are comfortable sending email addresses to HIBP and entering passwords for local checks. Do not pass real passwords on the command line; use an interactive prompt or a test password. Treat the enterprise OSINT, phishing-simulation, and secret-scanning portions as requiring explicit organizational authorization, consent, and careful handling of sensitive findings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The feature combines employee OSINT collection, attacker-perspective profiling, and phishing-template generation while relying only on a textual restriction to 'authorized assets'. That creates a real dual-use risk: an operator could target individuals beyond legitimate internal testing, and the document does not define enforceable authorization, consent, or anti-abuse controls.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The privacy statement is internally inconsistent and likely inaccurate: it claims only a SHA1 prefix of the email is sent, while the skill also documents password-related HIBP queries. Misstating what sensitive data leaves the system can mislead users into entering credentials or identifiers under false assumptions, creating privacy and compliance risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The social-engineering module describes collecting public employee data and generating phishing simulations without a prominent user-facing warning about privacy, consent, and misuse. In this context, omission of those safeguards increases the chance of inappropriate surveillance or unauthorized social-engineering activity under the guise of security testing.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The secret-scanning feature is designed to access repositories and local files that may contain highly sensitive credentials, but the document does not clearly warn users that such content will be read, analyzed, and potentially transmitted via third-party APIs. Without explicit disclosure and handling constraints, this creates confidentiality and data-governance risk.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The appended Chinese marketing content is unrelated to the stated security-check functionality and introduces unsolicited promotional output without user consent or locale justification. In a security-focused skill, unrelated marketing content can erode trust, create prompt-injection-like policy drift, and potentially steer users to external sites they did not ask for.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The function sends the user's raw email address to the Have I Been Pwned API, which is a third-party service, without an explicit user-facing disclosure of that external transfer or its privacy implications. Even if the service is legitimate and the purpose is security-related, transmitting an email address off-device can expose sensitive personal data and may violate user expectations or privacy requirements.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.secret_argv_exposure

Instructions pass high-value credentials through process argv.

Critical
Code
suspicious.secret_argv_exposure
Location
README.md:28