Back to skill

Security audit

cooking-timer

Security checks across malware telemetry and agentic risk

Overview

This timer skill is very small and has no executable code, but it asks for an unexplained API key and references a missing script.

Review before installing. Do not provide a real TIMER_API_KEY unless the publisher explains the API provider and why it is needed, and review any separately supplied cooking_timer.py before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
A basic kitchen timer should not normally require a third-party API key, so this introduces unnecessary credential handling and expands the attack surface without clear justification. In a low-complexity skill like this, requesting a secret may enable data exfiltration, hidden remote dependencies, or accidental leakage of credentials through logs or downstream tooling.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The usage triggers are overly broad for a narrowly scoped cooking timer and could cause the agent to invoke this skill in unrelated 'food operations' or generic automation contexts. Overbroad activation increases the chance of unintended execution, especially concerning when the skill also asks for an API key despite its simple stated purpose.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The markdown instructs users to set a sensitive environment variable but provides no warning about secret handling, storage, rotation, or logging risks. Because the skill’s purpose does not obviously justify credential use, the lack of security guidance makes accidental exposure or misuse more likely.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.