Data Moat Plugin

Security checks across malware telemetry and agentic risk

Overview

DataMoat appears purpose-aligned, but it installs and immediately starts broad background capture of local AI conversation data before desktop setup, with some install-supply-chain and replacement risks users should review first.

Install only if you are comfortable with DataMoat immediately starting background capture of local AI conversation records and attachments before desktop setup is complete. Review the Linux install path especially, because it runs freshly fetched GitHub code rather than a checksum-verified release, and consider installing from the official site or a pinned, verified release if you need stronger supply-chain control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding:
The installer does more than a typical fetch-and-install flow: it immediately launches the installed binary in a background 'no screen' mode and claims active protection before the user has explicitly opened or configured the app. In a skill context, silently starting persistent data-monitoring or protection behavior expands privilege and runtime impact beyond what many users would reasonably expect from an installer, increasing the risk of unauthorized collection, monitoring, or persistence.

Intent-Code Divergence

Medium
Confidence: 81%
Finding:
The header comment says the script starts 'pre-setup no-screen protection,' while later user-facing output suggests protection begins only after opening the app and completing setup. This inconsistency is security-relevant because it obscures the true timing of background activation and can mislead reviewers or users about when sensitive data handling starts.

Intent-Code Divergence

Medium
Confidence: 91%
Finding:
The installer messaging frames setup as requiring a later user action, but the script already starts the binary in a special background mode and waits for evidence that protection is active. That mismatch undermines informed consent and can cause users to enable persistent data-monitoring behavior without clearly understanding it has already begun.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding:
The script launches DataMoat with a hidden/special background flag ('--datamoat-remote-no-screen'), enabling unattended operation outside normal interactive startup. In the context of a tool that accesses local conversation records and attachments across multiple AI applications, silently enabling continuous background collection or protection increases privacy and security risk if the user has not explicitly authorized that mode.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The install section states that installation starts 'pre-setup no-screen protection so capture begins immediately' before the user finishes desktop setup, but the skill does not present this as a prominent warning requiring informed consent. This is dangerous because it enables immediate background collection of conversation logs, attachments, and related data before the user has clearly acknowledged that capture will begin.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The script clones the latest code from a remote GitHub repository and immediately executes a secondary installer (`bash install.sh --remote-no-screen`) without integrity verification, version pinning, or explicit user confirmation at the point of execution. This creates a supply-chain and remote-code-execution risk: if the repository is compromised or the fetched installer changes unexpectedly, arbitrary code will run on the user's machine.

Missing User Warnings

High
Confidence: 99%
Finding:
The script starts `install.sh --remote-no-screen`, and the surrounding messages indicate it begins background protection that watches and captures local conversation records before the user completes setup in the desktop app. In this skill's context, that is especially sensitive because the product targets AI chat histories and attachments, so activating background monitoring without a clear, upfront privacy notice and consent can expose highly sensitive personal or enterprise data.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The script unconditionally deletes and replaces '~/Applications/DataMoat.app' without warning, confirmation, or validation that the user intended to overwrite an existing installation. This can destroy a prior trusted app state, interrupt user workflows, or facilitate downgrade/replacement scenarios if the remote source is compromised.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The script launches a background process using a hidden 'no screen' mode immediately after install, without obtaining explicit prior consent for that behavioral change. In this skill's context—handling local AI conversation records and attachments—that background execution increases the sensitivity of the action because it may begin processing private user data right away.

VirusTotal

VirusTotal findings are pending for this skill version.
