Ghost-Writer Sync

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but Ghost support stores a powerful API key in plain text and uses admin-style access, so it should be reviewed before use.

Install only if you are comfortable with a local JSON config containing your Ghost key. Use a dedicated or least-privileged Ghost key if possible, keep the config file private, avoid printing config in captured logs, and test with a backed-up or dedicated vault before syncing your main notes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill is designed to write synchronized content into a local Obsidian or Logseq vault, but the documentation does not warn that existing files may be modified, overwritten, or created in bulk. In a note-taking vault, that can corrupt user content, pollute downstream AI workflows, or introduce untrusted remote content into a trusted local knowledge base without informed consent.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The add-ghost command stores the provided Ghost API key in plaintext in a JSON config file on disk, with no warning, no permission hardening, and no use of a system secret store. On multi-user systems, shared workstations, backups, or compromised local accounts, this can expose credentials that allow API access to the Ghost instance and potentially broader content-management actions depending on the key's privileges.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal