Back to skill

Security audit

Documents

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local document-organizing skill, but the folder and notes it creates may contain sensitive personal information.

Install only if you are comfortable keeping a local index of sensitive records. Store minimal references, avoid full passport, Social Security, bank, insurance, or medical identifiers in plaintext, use encryption or restrictive permissions for ~/docs/, and check whether that folder is backed up or synced before adding private details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs creation of `~/docs/` in the user's home directory without clearly disclosing that it may create or modify local files. Because the skill is designed to manage highly sensitive personal records, undisclosed file creation can surprise users, lead to unintended storage of sensitive metadata, and increase privacy risk if the location is unprotected or synced.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.