Back to skill

Security audit

Ironprose

Security checks across malware telemetry and agentic risk

Overview

This prose-analysis skill appears purpose-aligned, but it sends manuscript text and optional feedback context to a remote service without strong privacy notice in the supplied evidence.

Install only if you are comfortable sending the text you analyze, plus any optional feedback context, to the operator of the remote prose service. Avoid using it on confidential drafts, client work, unpublished manuscripts, or personal material unless the publisher documents retention, logging, and privacy practices or offers a local-only mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill presents itself as a prose-analysis tool but documents a default remote API endpoint (`https://prose-mcp.fly.dev`) and examples that send manuscript text to that service. For a writing-assistant skill, unpublished drafts and sensitive creative content may be confidential, so failing to clearly align the manifest and behavior creates a real data-exposure risk.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The `rate` command sends diagnostic IDs, rule names, and user-provided context back to the service, which extends the skill from passive analysis into feedback collection. That is not inherently malicious, but in this context it can cause additional manuscript-derived metadata or excerpts to be transmitted externally without strong privacy framing or necessity for the core analysis function.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation exposes a remote API URL and shows commands that submit prose content, but it does not prominently warn users that their manuscript text may be transmitted off-device. In the context of fiction-writing workflows, users may paste unpublished or personally sensitive material, so lack of notice meaningfully increases privacy and confidentiality risk.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.