Back to skill

Security audit

Yutori research

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Yutori cloud research integration, but users should remember that research prompts, URLs, and browsing tasks are sent to Yutori.

Install only if you intend to use Yutori’s cloud service for research or browsing. Use a limited Yutori API key, verify YUTORI_API_BASE points to the intended endpoint, avoid sending confidential/internal URLs or secrets unless approved, and confirm before form submissions or other state-changing browsing tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger language is broad enough to capture many ordinary web-help requests, which can cause the agent to invoke an external cloud research/browsing service more often than necessary. In this context, overbroad activation increases the chance that user queries and browsed content are sent to a third-party API without a clear need, expanding privacy and data-exposure risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs use of credentialed external APIs and cloud browsing but does not explicitly warn that prompts, URLs, and potentially page contents will be transmitted to Yutori infrastructure. That omission can lead to unintentional disclosure of sensitive user data or internal browsing targets, particularly because the skill encourages broad research and navigation workflows.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script sends the user's research query, timezone, and location to a remote Yutori API endpoint, but provides no explicit privacy warning or consent step beyond basic CLI usage text. In a skill designed for web research this transmission is expected, but queries may contain sensitive user data and the added location context increases privacy risk if users are not clearly informed.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The script silently defaults to a specific timezone and location (America/Los_Angeles, San Francisco, CA, US) when the user does not provide them. This can misrepresent the user's context to the remote service and causes unnecessary transmission of location-like data without user opt-in, creating avoidable privacy and data-quality issues.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/yutori-research.mjs:16