WakaTime

Security checks across malware telemetry and agentic risk

Overview

This WakaTime skill appears to provide read-only access to coding activity analytics, with privacy-sensitive data access that users should scope intentionally.

Install only if you are comfortable letting the agent read WakaTime analytics for your account. Ask it to limit requests to the specific project, date range, or metric you need, and avoid sharing results that expose private client names, machine names, or workplace activity patterns.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: ## Security & Permissions All WakaTime tools are read-only. No write operations are available. All calls are safe and require no confirmation. ## Tool Reference
Confidence: 94% confidence
Finding: no confirmation

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal