Back to skill

Security audit

review-manager

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent review-management purpose, but its Discord alert/report scripts can expose private review data and create a local command-execution risk.

Install only if you are comfortable reviewing or fixing the Discord send implementation first. Replace shell-built execSync calls with a safe API or execFile/spawn argument arrays, validate channel IDs, and treat review text as untrusted. Use a private Discord destination, minimize or redact customer review content, set retention rules for the local data directory, and avoid reusing logged-in browser sessions unless the account scope is explicit and authorized.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README explicitly promotes automated review collection, AI-generated replies, competitor comparison, and Discord transmission of reports, but it does not document privacy constraints, lawful collection boundaries, retention limits, or handling of potentially personal data in reviews. In this skill context, that omission is meaningful because review text can contain personal information and the documented automation encourages ongoing collection and third-party sharing without safeguards.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill clearly states that collected reviews, generated replies, and reports are stored under a local data directory as JSON, but it does not provide a strong warning that these files may contain personal data, customer sentiments, business identifiers, and operationally sensitive information. This increases the risk of unintended retention, insecure local exposure, backup leakage, or accidental sharing, especially in multi-user or synced workstation environments.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script forwards full review content, author name, platform, and rating to Discord without any visible consent gate, minimization, or disclosure mechanism. This can expose customer-generated content and potentially personal data to a third-party platform, creating privacy, compliance, and data-handling risks if the Discord workspace is misconfigured or broader than intended.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script can send aggregated review-derived content to Discord, a third-party external service, when invoked with `--send discord`, but it does not present any explicit consent prompt, warning, or data-sharing notice at the point of transmission. Because the message includes user-generated review text distilled into keywords and platform statistics, this creates a privacy and compliance risk, especially in a customer-review management context where review content may contain personal or sensitive information.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/check-negative.js:80

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/weekly-report.js:171