Back to skill

Security audit

ton

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be an informational namespace package that only contains a small local script intended to print static Ton/Netsnek information.

This looks safe to install as a simple informational skill. Be aware that it does not appear to perform audio transcription, conversion, waveform analysis, or podcast management despite listing those as features; it mainly prints brand and capability text. The requested exec permission is not dangerous in the reviewed version, but it is more powerful than necessary for static information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Low
Confidence
91% confidence
Finding
The skill requests `exec` permission even though the documented functionality is limited to displaying summary, features, and JSON metadata. Unnecessary execution permission expands the attack surface: if the referenced script is modified, replaced, or behaves unexpectedly, the agent could execute arbitrary commands under a permission set not justified by the user-facing purpose.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.