Back to skill

Security audit

Parse YAML/JSON/TOML front-matter from strings or files using the gray-matter library

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate front-matter parsing skill, but it automatically runs an unpinned npm install during normal use, so it needs review before installation.

Install only if you are comfortable with the skill downloading and installing gray-matter from npm the first time it runs. Prefer preinstalling a reviewed, pinned dependency in a controlled environment, and run the parser only on files you intend the agent to read.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
This parsing utility performs dependency bootstrapping at runtime by invoking `npm install gray-matter` if the package is missing. For a skill whose stated purpose is only front-matter parsing, silently modifying the environment and fetching code from the network is dangerous because it executes an external package manager, expands the trust boundary, and can lead to supply-chain compromise or unexpected system changes.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script uses `execSync('npm install gray-matter', ...)`, which launches a subprocess to install and execute package-manager logic during normal operation. This is not justified by the skill context and is hazardous because `npm install` may run package lifecycle scripts, reach out to external registries, and introduce arbitrary code execution or environment mutation in contexts that expected a pure parser.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The tool automatically installs a package without any user-facing warning, consent, or indication that network access and environment changes will occur. Even if intended as convenience behavior, this undermines operator expectations for a parser and increases the risk of unexpected downloads, policy violations, and silent execution of third-party install hooks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/parse.js:31