Back to skill

Security audit

KameleonDB

Security checks across malware telemetry and agentic risk

Overview

KameleonDB appears to be a legitimate database skill, but it gives agents broad persistent database authority without enough consent, scoping, or data-governance guardrails.

Install only if you intentionally want an agent to manage a dedicated persistent database. Use a separate test or agent-only database, avoid production credentials, restrict database permissions, and set explicit rules for when the agent may store personal data, import files, change schemas, run SQL, delete records, or optimize storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings

Low
Confidence
87% confidence
Finding
The README demonstrates commands that initialize a database, create schema, and insert records, but it does not clearly warn that these operations persistently modify local or configured database state. In an agent skill context, this is risky because an autonomous agent may treat example commands as safe read-only usage and execute them against a real configured backend, causing unintended state changes.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description is very broad and overlaps with many common agent tasks involving memory, preferences, tracking, and knowledge storage. This can cause the skill to be invoked in situations where persistent storage is unnecessary or unexpected, increasing the chance that sensitive user or third-party data is stored without clear intent or consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly encourages storing contacts, user preferences, tasks, scraped data, and API responses, but it does not provide a prominent warning about persistence, retention, privacy, or handling of sensitive data. In an agent context, this is dangerous because users may not realize information is being written to long-lived storage, potentially exposing personal, confidential, or regulated data across future sessions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The workflow explicitly shows an agent autonomously creating schema, inserting customer records, enriching them, and optimizing storage for persistent customer data without any privacy notice, consent boundary, approval checkpoint, or data-governance warning. In a skill whose purpose is persistent storage and cross-conversation/entity tracking, this omission can normalize unsafe handling of personal data and lead downstream agents to store PII or expand retained fields without user awareness or policy review.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.