Security audit

MaxKB

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed MaxKB connector that sends questions to a configured MaxKB agent service, with privacy and credential cautions but no evidence of hidden or malicious behavior.

Install only if you intend to send user questions to your configured MaxKB instance. Use a trusted HTTPS MaxKB endpoint, prefer a dedicated least-privilege account or scoped token instead of broad admin credentials when possible, protect the .env file, and avoid sending secrets, regulated data, or private customer content unless your MaxKB deployment is approved for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings (Medium, 91% confidence)

Finding: The README explicitly documents that user questions, admin credentials or tokens, and downstream anonymous access tokens are sent to a remote MaxKB service, but it does not clearly warn operators or end users about privacy, logging, retention, or sensitive-data handling risks. In an agent-routing skill, this omission is security-relevant because an LLM may forward user prompts containing secrets or regulated data to external services without informed consent or policy checks.

Missing User Warnings (Medium, 93% confidence)

Finding: The documented flow sends the user's question to another agent, but there is no user-facing notice, consent step, or data-handling warning. This creates a privacy and data-governance risk because sensitive user input may be forwarded to another service or subsystem without the user's awareness.

Missing User Warnings (Medium, 95% confidence)

Finding: The skill instructs operators to provide an administrator API token or a username/password pair, but gives no warning about credential sensitivity, storage, rotation, or least-privilege use. Using highly privileged credentials in an agent skill increases the blast radius if the runtime, logs, prompts, or downstream integrations are exposed or mishandled.

Missing User Warnings (Medium, 86% confidence)

Finding: The skill sends the user's question to an external MaxKB service, which is a real data-flow/privacy concern because potentially sensitive user input leaves the local agent boundary. In this skill's context, remote transmission is the core functionality, but the lack of user-facing disclosure, minimization, or consent controls still makes it a legitimate privacy/security issue rather than a false positive.

VirusTotal

67/67 vendors flagged this skill as clean.