Back to skill

Security audit

Headless Vault CLI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SSH helper for reading and adding Markdown notes, with one optional web-digest example users should invoke only deliberately.

Install only if you trust the SSH tunnel and vaultctl setup, because the agent can read note contents and create or append Markdown files in your vault. Treat note-derived links as untrusted: allow browsing them only when you explicitly asked for that workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
The documented workflow expands the skill from vault access into browsing arbitrary external sources based on note contents, which creates an unnecessary capability boundary violation. If an attacker can influence the source note, they may induce the agent to visit untrusted URLs, causing data exfiltration, prompt injection exposure, or unreviewed network access outside the skill's stated purpose.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.