
Security audit

luci-upload

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed media uploader for memories.ai, with privacy-sensitive behavior that matches its stated purpose.

Install only if you are comfortable sending chosen photos or videos, timestamps, and location coordinates to memories.ai. Use --probe first, verify the exact file and metadata before uploading, prefer --lat/--lon over --location for sensitive places if you do not want a geocoding lookup, and keep MEMORIES_AI_KEY private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Tainted flow: 'req' from os.environ.get (line 212, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
})

    try:
        with urllib.request.urlopen(req, timeout=300) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError as e:
        error_body = e.read().decode() if e.fp else ""
Confidence
91% confidence
Finding
with urllib.request.urlopen(req, timeout=300) as resp:

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly uses sensitive capabilities: it reads an API key from the environment, invokes shell commands, probes local files, and uploads media plus metadata to an external network service. Declaring no explicit permissions weakens transparency and policy enforcement, making it easier for an agent or user to invoke a high-impact action without clear consent boundaries.

Context-Inappropriate Capability

Low
Confidence
86% confidence
Finding
The skill sends user-provided location text to a third-party geocoding service that is not described in the manifest. This creates an undisclosed data-sharing path and may expose sensitive place names or private addresses to an external provider.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The phrase "or similar" broadens activation criteria beyond specific, user-intended upload requests, which can cause the skill to trigger on ambiguous language. In this skill's context, accidental activation is more dangerous because it can lead to probing local files and uploading private media and location/time metadata to a third-party service.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description does not prominently warn that it sends user media and potentially embedded metadata, including capture time and GPS location, to an external service. Because uploaded photos/videos often contain highly sensitive personal information, insufficient disclosure undermines informed consent and increases the risk of unintended privacy exposure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script uploads local media files along with extracted or user-supplied time and location metadata to an external service without any confirmation step or privacy warning in the code path. Because photos and videos may contain highly sensitive personal information, silent exfiltration to a remote API increases privacy and misuse risk.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The geocoding feature transmits user-entered location strings to OpenStreetMap Nominatim without explicit disclosure in the skill behavior. Even though this is functional, location text can be sensitive and should not be sent to third parties implicitly.

VirusTotal

66/66 vendors flagged this skill as clean.
