Back to skill

Security audit

Onemind Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real OneMind API helper, but it can create accounts and write live participation data without enough consent or sandbox safeguards.

Install only if you intentionally want an agent to interact with OneMind. Treat signup, joining, proposing, and rating as live remote actions; require the agent to show the exact request and payload and get your approval before any write, and avoid running the included test script against production unless you are authorized and intend to create real records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The report asserts that POST /participants is a working endpoint even though the only documented result is an anonymous insert blocked by RLS with HTTP 401. This is dangerous because it misrepresents a failed authorization-path test as success, which can mislead users into trusting unverified write behavior and deploying or operating against production with incorrect security assumptions.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The report states POST /ratings is working even though Test 7 was explicitly skipped due to the absence of a valid proposition_id. Declaring skipped functionality as production-ready undermines trust in the report and can lead to unsafe reliance on untested write flows in a production environment.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The report states POST /ratings is working even though Test 7 was explicitly skipped due to the absence of a valid proposition_id. Declaring skipped functionality as production-ready undermines trust in the report and can lead to unsafe reliance on untested write flows in a production environment.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to join a public chat and submit propositions and ratings using a persistent participant identity, but it does not clearly warn that these actions create durable public contributions attributable to that identity. This can cause unintended disclosure, reputational harm, or unauthorized participation if a user or agent performs writes without explicit informed consent.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The document normalizes anonymous signup and subsequent authenticated API use without any security guidance on token handling, account creation controls, or transmission of user-supplied content. In a skill context, this can lead downstream implementations to create disposable accounts, expose bearer tokens in logs, or send sensitive content over network calls without adequate safeguards, increasing abuse and data leakage risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document contains concrete curl examples targeting a production Supabase instance, including unauthenticated POST requests, without any prominent warning about interacting with live systems or risking real data changes. In skill context, this is more dangerous because agent users may copy or automate the commands directly, causing unintended writes, noisy security events, or impact to production data and availability.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document includes live write operations such as account signup, joining a chat, submitting propositions, and recording rankings, but gives no warning that these actions modify remote state or create accounts. In an agent-skill context, this is dangerous because an automated agent could replay these steps against production services, causing unauthorized data creation, spam, or reputation-impacting actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:46