Back to skill

Security audit

Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed public static-file sharing workflow, with real but expected privacy and credential-handling risks.

Install only if you are comfortable sending selected static files to this external public sharing service. Do not upload secrets, private documents, credentials, or internal code; prefer a random device_id over username@hostname; protect or delete ~/.config/artifact-share/config.yml when no longer needed; and use password protection deliberately without reusing important passwords.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill extends beyond simple static artifact sharing by directing agents to create external accounts and persist long-lived API credentials on the user's machine. That increases the attack surface and creates an unnecessary identity/credential-management workflow for a task that could otherwise be a one-time upload flow, making misuse, silent account creation, and credential leakage more likely.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Email binding and verification are ancillary account-management features not required for uploading and sharing static artifacts, yet the skill teaches the agent to interact with them. This expands the scope into handling personal data and verification flows, increasing privacy and abuse risks without clear necessity to the core skill purpose.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill tells the agent to automatically register and save a permanent API key into a local config path, with no clear requirement to first obtain informed user approval. Silent creation and storage of durable credentials on the host can violate user expectations and creates a persistent secret that may later be exposed or misused.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The upload flow emphasizes obtaining a shareable URL and notes that projects are public by default, but it does not consistently force prominent user acknowledgment that uploaded content becomes publicly accessible. This can lead to accidental publication of sensitive files, source code, or internal assets if the user assumes a private sharing model.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to read a local config file containing a plaintext API key and use it in routine workflows. Encouraging direct handling of long-lived secrets in plaintext increases the chance of accidental disclosure in logs, chat responses, screenshots, command histories, or through compromised local environments.

Ssd 3

High
Confidence
99% confidence
Finding
The user-facing template explicitly tells the agent to include the project's access password in the final reply. Returning secrets in conversational output materially increases the risk of disclosure to unintended viewers, logging systems, shared transcripts, or future prompt context.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:91