teemtape CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed teemtape CLI guide for stock watchlists and anonymous notes, with expected network and token use but no hidden or destructive behavior found.

Install only if you intend to use teemtape with a watchlist token and remote API. Treat TEEMTAPE_TOKEN as a secret, review note text before posting, and avoid putting private financial details, proprietary analysis, or credentials into anonymous notes or shareable watchlist links.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The documented `teemtape note` command sends user-provided content to a remote service and publishes it into an anonymous shared note thread while attributing it to `agent-cli`, but the reference does not clearly warn about that external transmission or visibility. In an agent skill context, this increases the risk that sensitive prompts, proprietary analysis, or user data could be posted to a third-party service without informed consent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal