Back to skill

Security audit

Plan2meal

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Plan2Meal integration that uses OAuth and a Convex backend for recipe and grocery-list commands, with no artifact evidence of hidden, destructive, or deceptive behavior.

Install only if you intend to connect Plan2Meal to a Convex backend and OAuth provider. Prefer your own CONVEX_URL, enable ALLOW_DEFAULT_BACKEND only if you accept the shared backend, keep OAuth callback URLs tight, and update/lock npm dependencies before deploying from source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The handler treats any message containing `code=` as an OAuth callback and parses attacker-controlled text as a callback URL. This broad trigger can cause unintended processing of arbitrary chat content and increases the attack surface around OAuth state handling, especially in chat environments where URLs or query strings may be echoed or injected.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"author": "",
  "license": "MIT",
  "dependencies": {
    "axios": "^1.6.2"
  },
  "devDependencies": {
    "@eslint/js": "^9.17.0",
Confidence
97% confidence
Finding
"axios": "^1.6.2"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"axios": "^1.6.2"
  },
  "devDependencies": {
    "@eslint/js": "^9.17.0",
    "@types/node": "^20.10.0",
    "eslint": "^9.17.0",
    "typescript": "^5.3.0",
Confidence
90% confidence
Finding
"@eslint/js": "^9.17.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
},
  "devDependencies": {
    "@eslint/js": "^9.17.0",
    "@types/node": "^20.10.0",
    "eslint": "^9.17.0",
    "typescript": "^5.3.0",
    "typescript-eslint": "^8.18.0"
Confidence
90% confidence
Finding
"@types/node": "^20.10.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"devDependencies": {
    "@eslint/js": "^9.17.0",
    "@types/node": "^20.10.0",
    "eslint": "^9.17.0",
    "typescript": "^5.3.0",
    "typescript-eslint": "^8.18.0"
  }
Confidence
90% confidence
Finding
"eslint": "^9.17.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"@eslint/js": "^9.17.0",
    "@types/node": "^20.10.0",
    "eslint": "^9.17.0",
    "typescript": "^5.3.0",
    "typescript-eslint": "^8.18.0"
  }
}
Confidence
90% confidence
Finding
"typescript": "^5.3.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"@types/node": "^20.10.0",
    "eslint": "^9.17.0",
    "typescript": "^5.3.0",
    "typescript-eslint": "^8.18.0"
  }
}
Confidence
90% confidence
Finding
"typescript-eslint": "^8.18.0"

Known Vulnerable Dependency: axios==1.6.2 — 10 advisory(ies): CVE-2026-44494 (axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `co); CVE-2026-44495 (axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollut); CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
axios==1.6.2

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
src/index.ts:20

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/index.ts:253