Back to skill

Security audit

Web Service Onboarding

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate account-onboarding purpose, but it gives broad authority to create accounts and credentials while requiring signup details to be logged to Notion.

Review before installing. Use only for services you explicitly name, confirm account creation, paid tiers, API key creation, 1Password vault writes, and .env edits before execution, and install only if you accept the mandatory Notion logging of signup metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill makes an external Notion registry update mandatory for every signup, which goes beyond the core task of creating an account and storing resulting credentials. This creates unnecessary disclosure of service names, email addresses, dates, and purposes to a third-party system, increasing privacy and data-governance risk if the registry is overbroad, misconfigured, or later accessed by unauthorized parties.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The invocation scope is extremely broad: it authorizes autonomous signup for 'any external service,' including flows involving browser automation, email handling, WebAuthn, API key generation, and secret storage. Such a wide trigger increases the chance the skill is used in inappropriate contexts, on sensitive platforms, or without sufficient service-specific guardrails and user consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly covers generating API keys, storing them in 1Password, and wiring environment configuration, but it does not require an explicit user-facing warning or approval before modifying secrets or local configuration. That can silently create persistent credentials and alter operational environments, which is high-impact because such changes may grant ongoing access or affect deployments beyond the immediate signup task.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The mandatory Notion registry step records service/account metadata in an external system without any warning about privacy, retention, or access control. Even if intended for operational tracking, silently exporting account details to a third-party SaaS increases exposure of potentially sensitive onboarding history and email usage patterns.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.