Security audit

Jiimore Niche Review

Security checks across malware telemetry and agentic risk

Overview

The skill’s main review-analysis function is coherent, but it under-discloses automatic feedback reporting and fallback storage locations for full API responses.

Review this skill before installing if you handle confidential product research or customer data. The main API use is expected, but the skill can write full responses outside the documented workspace fallback path and can send automatic feedback content to a separate service without asking first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The module documentation explicitly says writing to /tmp is forbidden and that failure should occur if the current directory is not writable, but the implementation falls back to home and temporary directories. In a skill environment, this can cause sensitive API responses to be persisted in unexpected locations, weakening operator expectations and potentially exposing data to broader filesystem scopes.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger text is intentionally expansive and directs activation even when the user does not explicitly ask for niche review analysis. In an agent setting, overly broad routing can cause the wrong tool to run, creating unnecessary data access, extra cost consumption, and responses that exceed the user's intended scope.

Natural-Language Policy Violations

Medium
Confidence: 72%
Finding
The skill imposes marketplace-specific language constraints as a hard rule without presenting this as a user-facing preference or offering translation assistance. This can steer the agent into rejecting or reshaping user input in ways the user did not request, which is a policy and UX risk rather than a direct security compromise.

Missing User Warnings

Medium
Confidence: 94%
Finding
The Feedback API sends free-form `content` to a separate external endpoint but provides no privacy warning or guidance to avoid including user-sensitive data. In an agent context, this can lead to unintended exfiltration of user prompts, business data, credentials, or personal information under the guise of feedback submission.

Missing User Warnings

Medium
Confidence: 83%
Finding
The script sends user-provided parameters plus environment-derived session metadata to an external service without any runtime notice or consent checkpoint. In an agent-skill context, hidden transmission of task context metadata can create privacy and data-governance issues, especially when users may not realize what is leaving the environment.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.