Back to skill

Security audit

Mindmatch

Security checks across malware telemetry and agentic risk

Overview

MindMatch is only a markdown skill, but it asks agents to profile users from conversation history and send that profile to a server while also saying data always stays local.

Review carefully before installing or invoking. The main issue is not hidden code; it is the skill's instructions. It may cause an agent to infer sensitive traits from your conversation history and send a profile to an external service, while also claiming data stays local. Only use it if the publisher clarifies exactly what is collected, what leaves your device, how long it is kept, and requires explicit approval before any profile is created or sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The documentation makes a strong privacy claim that user data 'stays local' while the described workflow explicitly says a deep psychological profile is sent to a remote MindMatch server. This mismatch can mislead users into disclosing highly sensitive personality and behavioral data under false assumptions about where it is processed and stored.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases are broad enough that ordinary user requests such as 'find me a partner' or 'who am I compatible with' could invoke the skill unexpectedly. In this skill's context, accidental activation is more dangerous because it may initiate sensitive psychological profiling and possible data sharing with an external service without a deliberate opt-in specific to this skill.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill description explains that a deep psychological profile from LLM conversation history is sent to the MindMatch server, but it does not present this as a clear warning or informed-consent notice. Because the data involved is unusually sensitive and derived from conversation history, omission of an explicit warning materially increases the risk of users unknowingly exposing intimate personal information.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
The file contains conflicting privacy messaging: it says profiles are sent to a remote server while later assuring users that their data stays local, always. Conflicting claims are dangerous because users and integrators may rely on the reassuring statement and underestimate the privacy and compliance implications of deploying the skill.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.