Back to skill

Security audit

Wikimind Skill

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is transparent about saving selected content into a local WikiMind knowledge base, but users should be careful because it creates persistent searchable records.

Install this only if you use WikiMind and want your agent to save selected notes, articles, or docs into that local knowledge base. Avoid ingesting secrets, private conversations, or sensitive third-party content, and use explicit prompts so the skill is not triggered accidentally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list includes broad natural-language phrases such as "add to knowledge base" and "save to wiki" that could be spoken or written in ordinary conversation and accidentally invoke a state-changing skill. Because this skill persists content, updates an index, and logs the action, unintended activation can cause silent storage of sensitive or irrelevant data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README describes convenience and workflow benefits but does not prominently warn that using the skill writes content into a persistent knowledge base, updates the search index, and logs the operation. Users may invoke it without understanding that data is being durably stored and made retrievable in future sessions, which raises privacy and integrity risks.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes broad, natural phrases such as '把这个存起来' and 'save to wiki' that could be uttered in ordinary conversation, increasing the chance of unintended activation. In a skill that writes to a knowledge base and updates indexes, accidental triggering can cause unwanted persistence of user content or sensitive data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README describes persistent actions—writing Markdown pages, updating the BM25 index, and recording operation logs—without clearly stating that user data will be stored and modified or that confirmation may be needed. Because this skill affects local knowledge base contents, lack of warning or consent increases the risk of unintended data retention, privacy exposure, and difficult-to-revert changes.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The metadata description embeds broad natural-language triggers such as 'add to knowledge base', 'save to wiki', and 'store this', which are common phrases a user may say conversationally without intending to invoke a write-capable skill. Because this skill performs persistent local modifications, accidental activation can lead to unintended ingestion of sensitive or low-quality content into the user's knowledge base.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The markdown trigger list repeats several ambiguous phrases in English and Chinese, including generic commands like 'Save to wiki', 'Store this note', and '把这个存起来', without clear boundaries that distinguish ordinary conversation from intentional skill use. In a write-enabled skill, these broad triggers increase the chance of unintentional persistence of user-provided or model-generated content.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs direct writes to $WIKIMIND_ROOT, index updates, and log appends, but does not require a user-facing notice or confirmation before modifying local files. This is risky because the skill is designed for persistent state changes, and accidental or prompt-influenced invocation could alter the knowledge base, poison search results, or create misleading records without the user's informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.