MH things-mac

Security checks across malware telemetry and agentic risk

Overview

This Things 3 skill is purpose-aligned, but it combines broad local access, a Things auth token, and an unpinned third-party CLI whose current capabilities appear broader than the skill text discloses.

Install only if you trust the upstream things3-cli project and accept granting broad local access to the calling app. Prefer a pinned release instead of '@latest', avoid putting Things auth tokens directly in prompts or command flags, and use dry-run or manual confirmation before letting an agent change or complete tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 93%
Finding
The skill documents use of `THINGS_AUTH_TOKEN` and passing `--auth-token <TOKEN>` but does not warn about safe secret handling. In an agent context, users may provide tokens directly in prompts or commands, which can leak into logs, shell history, process listings, transcripts, or dry-run output; the risk is limited to unauthorized modification of the user's Things data rather than broader system compromise.

VirusTotal

65/65 vendors flagged this skill as clean.
