Back to skill

Security audit

Token Saver Skill

Security checks across malware telemetry and agentic risk

Overview

TokenSaver is purpose-aligned, but it automatically rewrites and caches chat context using an unprovided core package, so users should review its data handling before installing.

Install only if you are comfortable with chat content being automatically compressed and potentially cached. Avoid using it for sensitive conversations unless the publisher provides the @token-saver/core source or pinned dependency details plus clear cache retention and scope documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill maps broad natural-language requests like configuration/help/status phrases directly to command execution, which can cause unintended activation during ordinary conversation. In an agent environment, ambiguous triggers can lead to state changes or data-reporting actions without clear user intent, especially when discussion about the skill is mistaken for an instruction to operate it.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Several trigger phrases are generic conversational language, such as requests about defaults, quality, or stopping behavior, and may overlap with normal dialogue unrelated to actual skill control. That increases the risk of accidental command execution, including disabling optimization or changing compression mode, which can alter system behavior and potentially affect data handling unexpectedly.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises automatic context compression and semantic caching of conversation content but does not clearly disclose retention boundaries, cache scope, or how transformed conversation data is stored and reused. In practice, this can expose sensitive prompts, outputs, or derived summaries to unintended persistence or replay, particularly if users assume ephemeral handling of conversation context.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The plugin automatically transforms conversation context before each AI request via `this.saver.optimize(context)` without obtaining explicit per-request consent or clearly disclosing that user content may be compressed, summarized, or semantically cached. In an AI integration, silent modification of prompts can alter meaning, omit safety-relevant details, or retain sensitive content in caches longer than users expect, creating integrity and privacy risk even though no obviously malicious exfiltration is shown in this file.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.