Security audit

base64-toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward base64 utility whose disclosed file helpers, encodeFile and decodeToFile, read and write local paths; run them only on paths you intend to read or write.

Install only if you want a local base64 utility. Treat encodeFile and decodeToFile as filesystem operations: do not let an agent point them at secrets, system files, or important destinations unless you explicitly intend that read or write.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The skill advertises base64 encoding/decoding utilities but also exposes local file read and write helpers, expanding its capabilities beyond the stated purpose. In an agent setting, undisclosed filesystem access is dangerous because a caller may invoke these functions to read sensitive local files or write attacker-controlled data to arbitrary paths.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
decodeToFile and encodeFile permit arbitrary filesystem access using caller-supplied paths with no sandboxing, path restrictions, or permission checks. If exposed through an agent workflow, this can enable exfiltration of local secrets or overwriting files with decoded attacker-controlled content, which is a meaningful security boundary violation.

Missing User Warnings

Severity: Low
Confidence: 83%
Finding
The file write helper writes decoded bytes directly to an arbitrary path without any warning, confirmation, or disclosure to the user. In agent contexts, silent writes increase the risk of unintended state changes, persistence, or misuse because users may not realize the skill can modify the local filesystem.

VirusTotal

64/64 vendors reported this skill as clean; no vendor flagged it.
Static analysis

No suspicious patterns detected.