Security audit

junie

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Junie CLI setup helper whose shell use, local config writes, and credential handling are expected for its purpose, though users should install and persist credentials deliberately.

Install this only if you want an agent to manage JetBrains Junie. Prefer package-manager installs where practical, review remote installer use in sensitive environments, keep API keys in environment variables when possible, and review any persistent .junie or ~/.junie config changes before relying on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill clearly instructs the agent to execute shell commands, read local files, and write configuration files, yet it declares no permissions. This creates a capability/consent mismatch: a host may invoke the skill assuming it is low-risk metadata, while it actually performs installation, config mutation, and command execution that can affect the system and repository.

Session Persistence

Medium

Category: Rogue Agent
Content: --- name: junie description: Install, update, authenticate, configure, and direct JetBrains Junie CLI in Junie-native ways on macOS or Linux shells. Use when a host agent should steer Junie iteratively toward an overall goal, especially when the host agent has broader context than Junie, Junie should carry out focused implementation/review work, or the task may benefit from Junie-accessible models not available to the host agent. Also use when asked to set up Junie, verify an existing install, create or adjust ~/.junie/config.json or project .junie/config.json, bootstrap a repo’s .junie layout, wire in skills/guidelines/MCP/model locations, prepare Junie for CI headless usage, or decide whether interactive Junie flows truly require headless-terminal-style PTY control. Trigger on limited host-agent command phrases such as /junie help, /junie status, /junie model, /junie usage, /junie bootstrap, and /junie dry-run. --- # Junie
Confidence: 88% confidence
Finding: create or adjust ~/.junie/config.json or project .junie/config.json, bootstrap a repo’s .junie layout, wire in skills/guidelines/MCP/model locations, prepare Junie for CI headless usage, or decide whe

VirusTotal

37/37 vendors flagged this skill as clean.

View on VirusTotal