Inkdrop

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended for Inkdrop note management, but it combines broad activation, delete authority, and reported input-handling flaws that could cause unintended note changes or command execution.

Review this skill before installing. It may be useful if you intentionally want Codex to manage Inkdrop notes, but it should require explicit Inkdrop-related requests, confirmation before deleting notes, and safer input handling in the shell/Python wrapper before it is trusted with important notebooks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger language is very broad and can match many ordinary requests about ideas, organization, backlogs, or task lists, increasing the chance the skill activates when the user did not explicitly request Inkdrop interaction. In this context, over-broad routing is dangerous because the skill has authenticated read/write/delete access to persistent local notes.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The documentation includes a direct delete operation for arbitrary document IDs without any warning, confirmation guidance, or mention of irreversibility. In a skill that manages user notes, silent destructive capability materially raises the risk of accidental or unauthorized data loss.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal