Security audit

secondme-skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent personal AI-persona pipeline, but it handles sensitive personal data while enabling external interoperability and broad local authority, and the manifest does not scope that authority in enough detail.

Install only if you are comfortable creating persistent persona, knowledge, and model artifacts from your personal data. Use a dedicated workspace, authorize only specific source folders, review the dependent OpenPersona skills, and disable or tightly gate ACN, A2A, on-chain, and external sharing features unless you intentionally need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%

Finding
The manifest markets the skill as local-first and privacy-first, yet explicitly enables remote ACN gateway access and on-chain/social interoperability. That mismatch can cause sensitive persona data, knowledge-base content, or metadata to leave the local environment through integrations users may not reasonably expect, increasing privacy and data-governance risk.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding
Remote social and on-chain capabilities are not necessary for the core stated function of persona distillation, knowledge-base maintenance, and local model training. Because this skill handles highly personal data, unnecessary connectivity expands attack surface and creates opportunities for oversharing, metadata leakage, or unintended publication of identity-linked information.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The manifest grants powerful capabilities including shell execution, file write access, and web fetching, which together are sufficient to download content, execute commands, and modify local artifacts. In a skill designed to ingest personal data and train models, these permissions substantially raise the risk of exfiltration, unsafe command execution, supply-chain abuse, or destructive local changes if the skill or a dependency is compromised.
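
To make the three findings above checkable rather than read-only, the following linter reproduces their logic on a skill manifest. It is an added example, not code from this audit page, from SkillSpector, or from the secondme-skill project. The manifest shape it reads (description, capabilities, integrations, fs.allowed_paths), the capability and integration names, and the sample manifest are all constructed assumptions for illustration. The three checks encode the findings' reasoning: a local/privacy claim beside remote integrations, remote integrations the description never justifies, and the web-fetch plus shell-execution plus file-write combination with no user warning. restrict_manifest applies the overview's own advice (disable remote features, authorize only specific source folders) and the linter is run again on the result.

```python
"""Skill-manifest linter for the three SkillSpector finding types above.

Added example: not code from the audit page, SkillSpector, or the
secondme-skill project. The manifest format, field names, and the sample
manifest are constructed, hypothetical assumptions for illustration.
"""
import json
import re

# Constructed sample manifest resembling the audited skill's stated scope.
SAMPLE_MANIFEST = json.dumps({
    "name": "example-persona-skill",
    "description": (
        "Local-first, privacy-first personal AI persona: distills a persona, "
        "maintains a knowledge base and trains a local model from your data."
    ),
    "capabilities": ["fs.read", "fs.write", "shell.exec", "web.fetch"],
    "integrations": ["acn_gateway", "a2a", "onchain_identity"],
})

# Description wording that promises data stays on the user's machine.
LOCAL_CLAIM = re.compile(r"\b(local-first|privacy-first|offline|on-device)\b", re.I)
# Hypothetical integration names that move data or identity off the host,
# mapped to the keyword a description would use to justify them.
INTEGRATION_KEYWORDS = {
    "acn_gateway": "acn",
    "a2a": "a2a",
    "onchain_identity": "on-chain",
    "social_share": "social",
}
# Together these let a skill download content, run it, and alter local artifacts.
DOWNLOAD_EXEC_MODIFY = {"web.fetch", "shell.exec", "fs.write"}


def lint_manifest(manifest) -> list[dict]:
    """Return one finding dict per detected issue, in a fixed order.

    Accepts either the raw JSON text or an already-parsed dict.
    """
    m = json.loads(manifest) if isinstance(manifest, str) else manifest
    desc = m.get("description", "")
    caps = set(m.get("capabilities", []))
    remote = set(m.get("integrations", [])) & set(INTEGRATION_KEYWORDS)
    findings = []

    # 1. Description-behavior mismatch: a local/privacy claim next to
    #    integrations that send persona data or identity elsewhere.
    if LOCAL_CLAIM.search(desc) and remote:
        findings.append({
            "id": "description-behavior-mismatch", "severity": "medium",
            "items": sorted(remote),
            "detail": "description claims local/privacy scope but declares remote integrations",
        })

    # 2. Context-inappropriate capability: a remote integration the
    #    description never mentions is not justified by the stated function.
    unjustified = sorted(i for i in remote
                         if INTEGRATION_KEYWORDS[i] not in desc.lower())
    if unjustified:
        findings.append({
            "id": "context-inappropriate-capability", "severity": "medium",
            "items": unjustified,
            "detail": "remote integrations not required by the described core function",
        })

    # 3. Missing user warnings: download + execute + modify granted with
    #    no warning text the user would see before installing.
    if DOWNLOAD_EXEC_MODIFY <= caps and not m.get("user_warnings"):
        findings.append({
            "id": "missing-user-warnings", "severity": "medium",
            "items": sorted(DOWNLOAD_EXEC_MODIFY),
            "detail": "web fetch, shell execution and file write granted without a user warning",
        })
    return findings


def restrict_manifest(raw: str, source_dirs: list[str]) -> dict:
    """Apply the overview's advice: drop remote integrations and pin file
    access to explicitly authorized folders (fs.allowed_paths is a
    hypothetical field). Returns the restricted manifest as a dict."""
    m = json.loads(raw)
    m["integrations"] = [i for i in m.get("integrations", [])
                         if i not in INTEGRATION_KEYWORDS]
    m["fs.allowed_paths"] = list(source_dirs)
    return m


if __name__ == "__main__":
    for f in lint_manifest(SAMPLE_MANIFEST):
        print(f"[{f['severity']}] {f['id']}: {f['detail']} {f['items']}")
    restricted = restrict_manifest(SAMPLE_MANIFEST, ["~/persona-workspace/sources"])
    print("after restriction:", [f["id"] for f in lint_manifest(restricted)])
```

Run stand-alone, the sample manifest trips all three checks; after restriction only the missing-user-warnings finding remains, because shell execution, file write and web fetch are still granted and nothing short of narrowing those capabilities or documenting them removes that risk.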

VirusTotal

0/64 vendors flagged this skill; all 64 reported it clean.

Static analysis

No suspicious patterns detected.