Spec-Kit SDD

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Spec-Kit workflow guide with user-run setup and Paperclip issue update commands, with no evidence of hidden execution or exfiltration.

Install this only if you want Spec-Kit SDD workflow help and Paperclip issue handoff commands. Before running any Paperclip PATCH/POST or helper script, confirm the issue ID, assignee, API URL, and credentials, because those commands can change issue ownership or add comments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The skill description promises broad Spec-Kit workflow support, but the file mostly provides static guidance and includes unrelated direct Paperclip API operations. This mismatch can mislead users and orchestration systems into invoking the skill in inappropriate contexts, increasing the chance of unintended side effects such as issue reassignment or unsafe trust in unimplemented capabilities.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list contains broad natural-language terms like 'constitution', 'specification', and 'implementation plan', which can cause the skill to activate in many unrelated conversations. Over-broad activation increases the attack surface for prompt injection and raises the risk that users are steered into following shell/API instructions when they did not intend to use this skill.

External Transmission

Medium
Category
Data Exfiltration
Content
PAPERCLIP_API="http://localhost:3100/api"

# Reassign by agent ID
curl -s -X PATCH "$PAPERCLIP_API/issues/$ISSUE_ID" \
  -H "Content-Type: application/json" \
  -d "{\"assigneeAgentId\": \"$TARGET_AGENT_ID\"}"
Confidence
95% confidence
Finding
curl -s -X PATCH "$PAPERCLIP_API/issues/$ISSUE_ID" \
  -H "Content-Type: application/json" \
  -d "{\"assigneeAgentId\": \"$TARGET_AGENT_ID\"}"

# Comment on issue
curl -s -X POST "$PAPERCLIP_API/issu

VirusTotal

65/65 vendors flagged this skill as clean.
