
Security audit

SmartPage

Security checks across malware telemetry and agentic risk

Overview

SmartPage appears to be a real document-formatting helper, but it asks the agent to download and run an unpinned external npm project that was not included in the reviewed skill artifact.

Install only if you are comfortable with the agent downloading and running the current external SmartPage npm project. Prefer reviewing or pinning that repository first, choose a workspace-specific output folder instead of the desktop for sensitive documents, and stop the local dev server after any editing session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The workflow goes beyond document formatting by instructing the agent to start a local development server and open a browser session automatically. That expands the skill from offline file conversion into network-exposed and UI-driving behavior, which increases attack surface and can lead to unintended local service exposure or browser actions without a clearly bounded user consent step.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The trigger condition 'format/layout a document to one A4 page' is broad enough to activate on many general document requests, causing the agent to clone a repo, install dependencies, and write files when a simpler or safer response may have been appropriate. Overbroad activation increases the chance of unnecessary code execution and file operations in contexts the user did not clearly authorize.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The workflow writes temporary files and exports results to the user's desktop by default without prominently warning the user in the skill description or activation contract. Unannounced file creation in temp and desktop locations can expose sensitive content, conflict with the user's expectations about where their data is stored, and violate the principle of least surprise for a formatting skill.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill description does not warn that it may launch a local dev server and open a browser, both of which are materially different from simple Markdown rendering/export. Omitting this behavior hides meaningful side effects from the user and can cause unexpected local service exposure and browser automation.

VirusTotal

63/63 vendors flagged this skill as clean.