Security audit

cairn

Security checks across malware telemetry and agentic risk

Overview

Cairn is a disclosed local indexing and retrieval skill that reads content the user chooses to ingest and stores it in a local SQLite index.

Install only if you are comfortable with selected local files being indexed into ~/.cairn and later retrievable by agents you connect to the MCP server. For sensitive repositories, set CAIRN_ALLOWED_ROOTS, use a separate dbPath, and enable CAIRN_OFFLINE when you need to prevent web fetches and model downloads.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The doc-extraction pass sends local markdown content and code-entity context to a chat model, which can disclose sensitive local repository information to a model backend. Even if the deployment is intended to be local, this file does not enforce locality or require explicit opt-in before transmitting content, so misconfiguration could turn indexing into unintended data exposure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.