Back to skill

Security audit

LLM Signal GEO Analyst

Security checks across malware telemetry and agentic risk

Overview

This is a coherent LLM Signal workflow helper, but it needs review because it sends an API key to a configurable endpoint and may automatically execute provider-labeled safe actions.

Install only if you trust the configured LLM Signal endpoint and use the official HTTPS base URL unless you intentionally self-host. Prefer a scoped or revocable API key, review auto_safe actions before allowing automatic execution, and avoid sending sensitive operational or business data unless you are comfortable with plan history being stored remotely.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill exposes shell execution capability via referenced scripts (`fetch-plan.sh` and `fetch-status.sh`) while declaring no explicit permissions. That weakens the trust boundary for users and orchestrators, because the skill can invoke local command execution and networked actions without transparent capability declaration.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The instruction to use `persist=true` stores run history and outcomes, but the skill provides no user-facing notice about retention, privacy implications, or what data may be sent to and stored by the remote service. In a workflow that may process site status, plans, and operational context, silent persistence can leak sensitive business or operational data and create compliance issues.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script sends both the site identifier and the API key to a remote endpoint, and it redundantly embeds the API key in the JSON body in addition to the authentication header. Because the base URL is fully environment-controlled and there is no enforcement of HTTPS, host allowlisting, or disclosure to the user, this can result in credential exfiltration to an unintended or attacker-controlled server.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script transmits the API key twice to a remote endpoint: once in the X-LLMSIGNAL-KEY header and again in the JSON request body. Because the base URL is fully controlled by an environment variable and there is no enforcement that it uses HTTPS or a trusted host, this can send sensitive credentials to an unintended or insecure endpoint. In a skill context, this is more dangerous because agents may execute it automatically with real secrets present in the environment.

External Transmission

Medium
Category
Data Exfiltration
Content
: "${LLMSIGNAL_SITE_ID:?Missing LLMSIGNAL_SITE_ID}"
: "${LLMSIGNAL_API_KEY:?Missing LLMSIGNAL_API_KEY}"

curl -sS -X POST "${LLMSIGNAL_BASE_URL%/}/api/agent/v1/plan" \
  -H "Content-Type: application/json" \
  -H "X-LLMSIGNAL-KEY: ${LLMSIGNAL_API_KEY}" \
  -d "{\"siteId\":\"${LLMSIGNAL_SITE_ID}\",\"apiKey\":\"${LLMSIGNAL_API_KEY}\",\"persist\":true}"
Confidence
94% confidence
Finding
curl -sS -X POST "${LLMSIGNAL_BASE_URL%/}/api/agent/v1/plan" \ -H "Content-Type: application/json" \ -H "X-LLMSIGNAL-KEY: ${LLMSIGNAL_API_KEY}" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
: "${LLMSIGNAL_SITE_ID:?Missing LLMSIGNAL_SITE_ID}"
: "${LLMSIGNAL_API_KEY:?Missing LLMSIGNAL_API_KEY}"

curl -sS -X POST "${LLMSIGNAL_BASE_URL%/}/api/agent/v1/status" \
  -H "Content-Type: application/json" \
  -H "X-LLMSIGNAL-KEY: ${LLMSIGNAL_API_KEY}" \
  -d "{\"siteId\":\"${LLMSIGNAL_SITE_ID}\",\"apiKey\":\"${LLMSIGNAL_API_KEY}\"}"
Confidence
94% confidence
Finding
curl -sS -X POST "${LLMSIGNAL_BASE_URL%/}/api/agent/v1/status" \ -H "Content-Type: application/json" \ -H "X-LLMSIGNAL-KEY: ${LLMSIGNAL_API_KEY}" \ -d

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Execution policy

1. Call `POST /api/agent/v1/plan` before recommending actions.
2. Automatically execute only `auto_safe` actions.
3. Route `manual` and `assist` actions to human approval.
4. Never output API keys or secrets.
Confidence
86% confidence
Finding
Automatically execute

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.