Security audit

fridge-keeper

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed fridge inventory helper that stores food records locally or in an optional user-chosen database, with some privacy and routing cautions but no evidence of hidden or malicious behavior.

Install only if you are comfortable storing household food inventory data. Prefer local storage unless you need a database, and if database mode is used, create a dedicated low-privilege database user and avoid reusing important passwords.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill performs local file reads and writes, including saving configuration under ~/.claude/skills/fridge-keeper/config.json and using a local data file, but no explicit permissions are declared. This creates a transparency and containment problem: users and the platform may not realize the skill can persist data to disk, which can expose personal inventory information or enable unintended file access paths if later implemented unsafely.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 91% confidence
Finding: The stated purpose sounds like a simple fridge assistant, but the documented behavior includes writing local config files, connecting to remote MySQL/PostgreSQL/MongoDB instances, and deleting records. That mismatch matters because users may consent to a lightweight household helper without realizing it can store data remotely or perform destructive operations, increasing privacy and integrity risk.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The PostgreSQL implementation appears broken and may cause unsafe error handling or insecure workarounds later: psycopg2 cursors do not support cursor(dictionary=True), so this path will fail at runtime. In practice, broken storage code can lead operators to disable checks, patch hurriedly, or fall back to unsafe direct SQL handling, increasing operational security risk.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger phrases include generic everyday expressions such as '有什么', '建议', and '查看冰箱', which are broad enough to cause accidental activation in unrelated conversations. In a skill that can read/write stored data and potentially connect to configured backends, unintended invocation can lead to unauthorized data disclosure or unintended state changes.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill documents local file storage and remote database configuration/storage, but it does not clearly warn users that food inventory and configuration data will persist on disk or may be sent to remote infrastructure. That lack of disclosure undermines informed consent and can expose household behavior patterns, inventory habits, and potentially database credentials if users do not understand the persistence model.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.