Back to skill

Security audit

Anylist

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward AnyList shopping-list helper, with normal account-access risks for a tool that can read and change lists.

Install this only if you want an agent to access your AnyList account through anylist-cli. Prefer interactive authentication when practical, protect any environment variables containing your email or password, and ask the agent to confirm before removing items or clearing checked items.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger description is broad enough to activate on common shopping or grocery-related conversations, which can cause the agent to invoke this skill when the user did not clearly intend account-backed list operations. In context, this increases the chance of unintended access to shopping data or accidental list modification, though the skill itself is narrowly scoped to AnyList use.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documented commands include destructive operations like remove and clear without any warning, confirmation requirement, or distinction between read-only and write/delete actions. In an agent setting, this can lead to accidental irreversible changes to a user's shopping list if the skill is invoked from ambiguous natural-language requests.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The setup instructions recommend placing account credentials in environment variables without any warning about secret handling, shell history, process exposure, or secure storage. While common in CLI documentation, this still creates credential-handling risk, especially in shared environments, logs, or agent runtimes where environment variables may be surfaced unexpectedly.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.