Back to skill

Security audit

Viboscope

Security checks across malware telemetry and agentic risk

Overview

Viboscope is a real compatibility-matching skill, but it asks the agent to quietly inspect local and personal context for psychological profiling before clear consent.

Review before installing. Use this only if you are comfortable creating a psychological profile with Viboscope, and require the agent to ask before reading files, git config, prior chats, or profile data. Keep data/.api_key private, review anything before it is uploaded or sent, and avoid invoking ambiguous triggers like plain 'inbox' unless you mean Viboscope.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill instructs the agent to silently inspect local files, git config, prior interactions, and platform profile data before obtaining explicit consent. That is a privacy-invasive data collection behavior unrelated to the minimum necessary data for many user requests, and it directly contradicts the claim that the agent never acts without the user's knowledge.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The skill promises transparency ('You never act without the user's knowledge') but later directs hidden context gathering from local and historical sources. This mismatch is dangerous because it can mislead users into consenting to a workflow under false assumptions about what data is being accessed.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes very broad phrases like 'find me', 'найди мне', and similar generic language that can activate the skill in contexts unrelated to compatibility matching. Over-broad activation raises the risk of unintended invocation, causing unnecessary data access, onboarding prompts, or sensitive workflow entry.

Vague Triggers

Medium
Confidence
91% confidence
Finding
Including generic triggers like 'inbox', 'messages', or broad equivalents for inbox access can route ordinary conversation into mailbox-related actions. In a skill that can read summaries and manipulate inbox state, ambiguous activation increases the risk of exposing or acting on sensitive communications unintentionally.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs silent collection of conversation history, workspace files, prior interactions, and profile data for psychological profiling. This is a data-harvesting pattern that exceeds immediate user intent, especially because it is performed proactively and invisibly before asking questions.

Ssd 3

Medium
Confidence
87% confidence
Finding
The primary workflow encourages the user to prompt another AI assistant to compile an extensive personal dossier from prior conversations and paste it back. Even if user-mediated, this systematically increases cross-system disclosure of sensitive personal and psychological data and normalizes broad transfer of chat history-derived inferences.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.