Back to skill

Security audit

Vocabulary Anti Forgetting

Security checks across malware telemetry and agentic risk

Overview

This skill is a local vocabulary review tool that saves study progress locally, with some path and metadata caveats but no evidence of harmful behavior.

Install this if you are comfortable with a local Python script creating or updating a vocabulary progress file. Check the actual review_log.md location after first use, or set REVIEW_MEMORY_DIR explicitly, because the code may not write to the documented workspace memory path by default.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill directs execution of a Python script that reads from a vocabulary file and writes persistent state to `<workspace>/memory/review_log.md`, but the manifest does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users and hosting systems are not clearly informed that the skill performs file reads/writes and may access environment-dependent paths.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs automatic modification of a persistent workspace memory file without a clear upfront user warning or consent step. Even though the file is part of the skill's intended state, silent writes to durable user/workspace storage can surprise users, overwrite prior data, and normalize hidden persistence behavior.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instruction to 'NEVER skip' writes to `review_log.md` prioritizes persistence over user awareness or consent, and it removes safety flexibility in contexts where writing may be undesirable or disallowed. This is more concerning because the log is stored outside the skill folder in a durable workspace location, increasing the chance of unintended long-term state changes.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.