Back to skill

Security audit

second brain

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Ensue-backed personal memory skill whose remote storage and API-key use are purpose-aligned, though users should treat saved notes as durable remote data.

Install only if you trust Ensue with the knowledge you choose to store. Review drafts before saving, avoid secrets, credentials, private paths, and sensitive personal details, and use a revocable Ensue API key if possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to invoke a shell wrapper script (`scripts/ensue-api.sh`) while declaring no permissions. That mismatch is dangerous because it can bypass expected capability review and allow command execution paths that are not visible in the manifest, especially if user-controlled content is later interpolated into shell arguments or if the wrapper script behavior changes.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The described scope covers both saving and retrieval across broad user knowledge-management scenarios without clear boundaries on what content may be accessed or persisted. In context, this is more dangerous because the skill handles long-term memory and search, so overbroad invocation can expose prior notes or store private information during ambiguous requests despite the prose guidance against secrets.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The described scope covers both saving and retrieval across broad user knowledge-management scenarios without clear boundaries on what content may be accessed or persisted. In context, this is more dangerous because the skill handles long-term memory and search, so overbroad invocation can expose prior notes or store private information during ambiguous requests despite the prose guidance against secrets.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.