Back to skill

Security audit

AgentGuard

Security checks across malware telemetry and agentic risk

Overview

AgentGuard appears defensive, but it should be reviewed because it collects sensitive activity telemetry while its local-only privacy claims conflict with external alert and sharing features.

Install only if you intentionally want an agent activity monitor. Before starting it, limit watched directories, keep alerting/reporting console-only unless you explicitly want data sent to Telegram/Discord/webhooks, review what gets written under ~/.agentguard, shorten retention if needed, and verify the publisher/source and dependencies before running the Python scripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The `summary` CLI command unexpectedly calls `monitor.start()` and begins live monitoring of user directories before producing output. This violates least surprise and can collect file activity from sensitive locations without clear consent, creating privacy and trust risks even if the monitoring is local-only.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README promotes broad security monitoring and communication logging but does not clearly warn users about the privacy implications of capturing file activity and external communications. Even if intended for defensive use, this can lead to collection of sensitive personal or organizational data without informed consent or clear scope boundaries.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill is explicitly designed to monitor file access, API activity, and communications, and it also describes local retention of logs and behavioral baselines. While this may serve a legitimate security purpose, the documentation does not prominently disclose the privacy implications of collecting broad operational metadata, which could include sensitive filenames, destinations, and timing patterns. In a monitoring skill, lack of clear user warning and consent boundaries makes inadvertent privacy harm more likely.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The configuration and reporting sections show Telegram being used for alerts and reports, which means security telemetry may leave the local environment and be transmitted to a third-party service. This directly conflicts with the broader 'No external data transmission' privacy claim unless very clearly qualified, and users may unknowingly expose sensitive operational data, destinations, or incident details to an external platform.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code creates configuration and log directories under the user's home directory automatically, but there is no user-facing notice explaining that monitoring artifacts may be stored locally. Silent creation of security-monitoring storage can expose sensitive metadata retention and undermine informed consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The monitor records file paths, sensitivity classifications, and API metadata including full URLs and domains, which may reveal secrets, internal endpoints, usernames, or project structure. Collecting this telemetry without an explicit warning or consent mechanism creates a privacy and data-handling vulnerability, especially in an agent skill context where users may not expect background observation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.