Back to skill

Security audit

Readeck Save

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it saves a user-provided URL to the user’s configured Readeck server using a documented API token.

Install this only for a Readeck instance you trust. Use a revocable or least-privileged API token if Readeck supports it, check READECK_URL carefully, and avoid saving private, internal, or token-bearing URLs unless you intend that Readeck server to store and fetch them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill invokes a shell script but does not declare permissions, which hides its execution capabilities from the platform and from reviewers. Undeclared shell access increases risk because the skill can transmit data or perform side effects without an explicit permission boundary, and here it is used to send user-supplied URLs plus an API token to an external service.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The activation text is broad enough to match many common requests about saving or sending pages, which can cause the skill to trigger in situations where the user did not intend to involve this specific integration. Because the skill sends URLs to a configured self-hosted server, overbroad triggering can lead to unintended data disclosure or unwanted external actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation does not clearly warn users that submitted article URLs will be sent to the configured Readeck server, which will then remotely fetch the content. This matters because URLs may contain sensitive query parameters, private resources, or internal hostnames, and the remote fetch introduces an additional network action beyond simply storing a bookmark.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.