Trilium

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward Trilium Notes API integration, with expected note-management access and no evidence of hidden or harmful behavior.

Install only if you intend the agent to read and modify notes in the Trilium instance tied to the provided ETAPI token. Use a token with the least access you are comfortable granting, and ask for confirmation before create, update, or delete operations when the requested change is important.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill advertises note-creation capabilities but does not clearly warn users that these actions will modify their Trilium database. In an agent setting, missing modification warnings can cause unintended writes, data clutter, or accidental overwrites because users may interpret the skill as primarily informational rather than state-changing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal