Back to skill

Security audit

AI 足迹

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AI Footprints bookmark-management integration that uses a user-provided token to read and update collections, with no hidden executable payload in the submitted artifact.

Install only if you trust the AI Footprints service and are comfortable giving the agent access to read and modify your personal and shared collections. Treat FOOTPRINTS_TOKEN like a password: keep it out of chats, logs, and source control, and rotate it if exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to place a long-lived access token in configuration and shows a concrete token variable without any explicit warning that the token is sensitive, should be minimally scoped, and must never be logged, shared, or embedded in prompts/output. Because this skill grants access to personal and shared bookmark data, accidental disclosure of the token could let an attacker read or modify a user's collections through the agent integration.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.