Local Vector Store

Security checks across malware telemetry and agentic risk

Overview

This is a local document search store, but its file write and delete behavior is too loosely scoped for automatic trust.

Review before installing. Use only a dedicated private STORE_PATH, do not index secrets, avoid untrusted document IDs, and avoid clear() on any shared or important directory until the package adds path validation and scoped deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
The delete and clear methods perform irreversible filesystem deletions with no path safety checks, confirmation, or restriction to files created by the store. Because storePath is configurable, a misconfiguration or attacker-influenced path could cause unintended deletion of arbitrary files within a directory, making this more dangerous than a simple local cleanup feature.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill persists user-supplied document content and metadata to disk by default without any explicit disclosure, consent mechanism, retention control, or protection of sensitive data. In the context of a local knowledge-base tool, writing indexed content to local storage is expected behavior, but the lack of transparency and security controls can expose confidential information to other local users, backups, or subsequent processes.

VirusTotal

66/66 vendors flagged this skill as clean.
