Back to skill

Security audit

Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a local analytics helper for AI conversation history; its sensitive file access is disclosed and fits that purpose.

Install only if you are comfortable with the agent reading local AI conversation logs. Prefer date or project filters for narrower reports, review generated summaries before sharing them, and verify the optional external Memory Forge package before running the dashboard install commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to read local conversation history from `~/.claude/projects/` and optional files under `~/memory-forge/data/`, but the manifest does not declare any permissions or clearly surface that filesystem access is required. Undeclared file-read capability is dangerous because it can cause the agent to access sensitive user data under the guise of analysis without an explicit permission boundary or clear user awareness.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill description says it analyzes AI conversation history for KPIs and efficiency insights, but the actual behavior includes scanning specific local directories and additional per-project/per-model summarization that is not transparently disclosed, while also overstating capabilities like topic distribution. This mismatch is risky because users may consent to a high-level analysis without understanding the concrete filesystem access and data collection scope, leading to unexpected exposure of sensitive conversation metadata.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.