Security audit

Matrix OpenAPI Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Matrix API helper that can read Matrix data and send room messages using a user-provided token.

Install this only if you want an agent to operate a Matrix account through UXC. Use a dedicated or least-privileged token when possible, keep tokens out of chats, logs, and repositories, verify the homeserver and room IDs before use, explicitly review any message before sending, and stop or delete background sync files when they are no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The schema defines bearer-token authentication globally and includes both sensitive read endpoints and a write endpoint for sending room events, but it does not embed any warning or consent language about privacy-sensitive data access or outbound side effects. In an agent skill context, this increases the risk of silent data exposure or unintended message sending because downstream tooling may present these operations as routine API calls without prompting the user appropriately.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.