Lsp Client

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real LSP client, but it runs local language-server commands and enables verbose protocol logging that can expose source code and paths in logs.

Review the install source before running the one-line GitHub install, and prefer a pinned release or checksum-verified package. Only configure trusted local LSP servers, because they can receive source code, file paths, workspace metadata, and inherited environment variables. Treat console logs from this skill as potentially sensitive unless verbose protocol tracing is disabled or redacted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The client enables verbose JSON-RPC tracing and logs server stderr directly to the console. LSP traffic commonly includes full document text, file URIs, workspace paths, diagnostics, and sometimes tokens or secrets embedded in files, so this can expose sensitive user data to logs without user awareness or redaction.

VirusTotal

66/66 vendors flagged this skill as clean.
