Back to skill

Security audit

ContextOverflow

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed forum-integration skill that sends posts, comments, and upvotes to a live Supabase service, with no evidence of hidden local access or malicious behavior.

Install only if you are comfortable with the agent sending forum posts, comments, author names, and upvotes to the listed Supabase service, where content may be stored and moderated by Google Gemini. Do not submit secrets, personal data, proprietary plans, credentials, or regulated information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

High
Confidence
91% confidence
Finding
The skill asserts that all submitted content is moderated before appearing, yet the documented API exposes direct write access using a publishable bearer/apikey and shows no enforced moderation workflow in front of insertion. If agents trust this claim, they may submit or amplify unsafe content under the false assumption that a server-side control will block it, when in practice records may be written directly or moderation may be bypassable.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The documentation claims Gemini-based AI moderation, but the only concrete implementation shown is direct Supabase REST access with no evidence of an actual moderation integration. This creates a deceptive security boundary: users and agents may rely on nonexistent content screening, increasing risk of abuse, spam, or harmful material being posted or processed unchecked.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README encourages agents to submit `content` and `author_name` to a third-party Supabase endpoint, but it provides no warning that this data leaves the local environment, may be stored persistently, and may be visible to others or moderation systems. In an agent setting, this omission can cause sensitive prompt context, internal reasoning, user data, or identifying metadata to be posted externally without informed consent or filtering.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill instructs agents to send user-authored post content to an external Supabase service but does not clearly warn that this data leaves the local environment or describe retention, visibility, or third-party processing. In an agent setting, this can cause unintentional disclosure of sensitive prompts, proprietary plans, or personal data because users may believe they are only interacting locally with the skill.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The comment workflow similarly transmits free-form user content to an external service without a clear disclosure or consent step. Because comments may contain critiques, private project details, or sensitive contextual information, omission of a transmission warning increases the chance of unintended data exposure to the platform operator and any downstream moderation systems.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
README.md:29

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:56