Back to skill

Security audit

Dashlane

Security checks across malware telemetry and agentic risk

Overview

This Dashlane skill is related to its stated purpose, but it goes beyond read-only vault lookup and includes risky secret-handling workflows users should review carefully.

Install only if you are comfortable with an agent seeing instructions for Dashlane CLI operations that can expose or persist vault secrets. Avoid console/JSON output in logged sessions, be cautious with clipboard managers, do not use backup, exec, inject, SSH-key piping, or master-password environment variables unless you explicitly intend that workflow, and review commands before allowing them to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill advertises read-only vault access, but the documented command set goes beyond that scope by including backup, configuration changes, locking/logout, and secret injection features. This mismatch can mislead users and downstream agents into authorizing or invoking operations with broader side effects than the manifest implies, increasing the chance of unsafe handling of sensitive data.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
Claiming 'Read-only access' while documenting mutating and side-effecting commands creates a trust and consent problem. Users may rely on the safety claim and unintentionally perform actions that alter local state, persist credentials, or create additional copies of secrets.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The examples normalize printing secrets to stdout and copying them to the clipboard without prominent warnings about leakage through shell history, terminal logs, process capture, clipboard managers, or screen sharing. In a password-manager context, this materially increases the risk of accidental disclosure of highly sensitive credentials and OTPs.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Documenting vault backup without warning that it creates sensitive local copies can lead users to generate plaintext or otherwise accessible archives containing large portions of their secret store. A local backup expands the attack surface significantly because compromise of the host, filesystem, or backup destination may expose the entire vault dataset.

Missing User Warnings

High
Confidence
98% confidence
Finding
Recommending the master password via environment variable without strong warnings is dangerous because environment variables are commonly exposed to child processes, crash reports, debugging tools, CI logs, container inspection, and shell/session artifacts. Since this is the primary credential protecting the vault, exposure could enable broad compromise of all stored secrets.

Missing User Warnings

High
Confidence
97% confidence
Finding
Secret injection into environment variables and templated files is inherently risky because it propagates sensitive material into downstream processes, filesystems, logs, artifacts, and debugging surfaces. In this context, the documentation presents these workflows as straightforward examples without warning that secrets may persist long after the immediate command completes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.