Back to skill

Security audit

LLM Knowledge Base

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only knowledge-base skill that creates a local Obsidian-style vault and uses expected local storage and web fetching for that purpose.

Install this only if you want an agent to create and maintain a persistent local vault. Choose the vault location deliberately, approve URLs and files before ingestion, and avoid adding secrets or sensitive documents unless you want raw copies retained under raw/inbox/.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill claims in Dependencies that it uses 'No package installs, no APIs, no databases', yet earlier instructions require web search and `curl`-based retrieval of external URLs. This mismatch can mislead users and higher-level agents about the skill's network behavior, reducing informed consent and causing unexpected external access or content ingestion.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The initialization section uses broad phrasing such as 'build me a KB about X' or 'create a knowledge base' as activation cues. Overly vague triggers increase the chance that an agent will invoke file-creating and web-ingesting behavior when the user intended a conceptual discussion rather than persistent local changes.

Vague Triggers

Medium
Confidence
91% confidence
Finding
Several operation triggers like 'lint', 'check health', 'clean up', 'maintain', 'what's new', and research prompts are broad enough to cause scanning of local files, automatic ingestion, web searches, and writes to the vault without sufficiently explicit authorization. In an agent setting, ambiguous intent-to-action mapping can lead to unintended persistence, network use, or modification of user data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description and dependency section do not clearly warn that it may automatically perform web fetches and persist external content into the user's vault. Without a prominent disclosure, users may unintentionally allow retrieval and storage of untrusted or sensitive material, especially when used through higher-level agents that execute tools on their behalf.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The INGEST instructions explicitly direct the agent to copy URLs, files, and pasted text into `raw/inbox/`, but they do not warn that this creates persistent local storage of whatever the user provides. This is dangerous because users may paste secrets, copyrighted material, or sensitive documents without realizing they will be retained unmodified in the vault.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.