Proton Pass CLI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Proton Pass CLI guide with powerful secret-management commands, so it is acceptable but should be used carefully.

Install this only if you want an agent helping with Proton Pass. Verify the installer source or use a package manager, prefer web or interactive login, avoid plaintext credential environment variables when possible, and require explicit approval before viewing, sharing, deleting, transferring, importing SSH keys, or injecting secrets. Keep masking enabled by default and do not commit or log rendered files containing secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill documents `pass-cli run --no-masking` but does not prominently warn that disabling masking can expose resolved secrets in terminal output, CI logs, shell history-adjacent transcripts, and monitoring systems. In a secret-management skill, omission of that warning increases the chance users will unintentionally disclose credentials during normal automation workflows.

Missing User Warnings

Medium
Confidence: 93%
Finding
The template injection examples show rendering secrets into output files without clearly warning that this creates plaintext secret material on disk. Even with mode `0600`, secrets may persist in backups, container layers, editor swap files, or be read by later processes, which is especially sensitive in a password-management context.

VirusTotal

65/65 vendors flagged this skill as clean.
