Back to skill

Security audit

Nex Keyring

Security checks across malware telemetry and agentic risk

Overview

This looks like a local secret-tracking tool, but it needs review because it scans and exports sensitive secret metadata while under-warning users and overstating its protection.

Install only if you intentionally want a local inventory of secret metadata. Treat ~/.nex-keyring and any exports as sensitive files, avoid scanning broad or production .env files casually, do not export into shared folders or repositories, and do not rely on the advertised encryption claims without verifying protection yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README encourages scanning .env files and environment variables, which are highly likely to contain live credentials, but does not prominently warn users that these operations process sensitive local secrets and may capture metadata derived from them. In a security-oriented tool, missing handling cautions can lead to unsafe usage, accidental overbroad scans, or misunderstanding of what data is being read and retained.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README promotes exporting the secret registry to JSON, CSV, and Markdown without clearly warning that these exports create additional files containing sensitive secret metadata such as names, services, prefixes, hashes, usage context, and audit history. Even if raw secret values are excluded, this metadata can materially aid attackers in reconnaissance and targeting.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger scope includes very broad terms such as 'password', 'key', and generic security phrases, which can cause the skill to activate in contexts where users did not intend secret-management actions. In a skill that scans environment files and registers credentials, accidental invocation increases the chance of unnecessary credential discovery or prompting users toward sensitive operations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation describes scanning .env files and environment variables for API keys without an explicit warning that these sources may contain highly sensitive secrets. Without a prominent caution and consent step, users may be led to expose or process credentials more casually than intended, especially in shared terminals or logs.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The export function can serialize and disclose a complete inventory of tracked secrets metadata, including names, services, descriptions, tags, usage locations, env file paths, and timestamps, in easily shareable formats. Even when `key_hash` is excluded, this metadata is highly sensitive because it maps credential locations and operational dependencies, which can materially aid reconnaissance and follow-on compromise.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The import workflow scans a user-supplied .env file for secrets and registers discovered keys into local storage without any confirmation, sensitivity warning, or clear disclosure of what metadata may be persisted. In a secret-management context, this can lead to accidental ingestion of sensitive material from unintended files and expansion of secret exposure through local database, audit, or export paths.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The export command writes the secret registry to an arbitrary filesystem path with no warning or safety checks. Even if the registry primarily stores metadata, exporting to world-readable locations, synced folders, or unintended files can leak sensitive operational information about secret names, services, rotation history, and hashes.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The installer writes and overwrites an executable in ~/.local/bin without prompting the user or verifying whether an existing command is being replaced. While this is common installer behavior, it can unexpectedly shadow a prior executable or persist a launcher in the user's PATH, which has security implications if the skill directory later changes or is tampered with.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.