Free Buddy Skills

Security checks across malware telemetry and agentic risk

Overview

The skill's behaviour is coherent with its stated purpose: it fetches public opencode.ai free model metadata and updates the local WorkBuddy model configuration, and the review found no evidence of hidden credential access, exfiltration, or destructive behavior.

Install this only if you want WorkBuddy configured to use opencode.ai free models. Run it interactively, review the models it proposes, and keep a backup of ~/.workbuddy/models.json if your current configuration matters. For stricter supply-chain hygiene, review or pin the GitHub/Gitee source before installing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity
Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill performs network access and local file read/write operations, but does not declare permissions or prominently warn users before doing so. This creates a transparency and consent problem: a user may invoke the skill expecting simple guidance while it silently reaches out to a third-party service and modifies a local configuration file.

Missing User Warnings

Severity
Medium
Confidence
94% confidence
Finding
The README explicitly states that WorkBuddy will automatically query remote model lists, write to the user's `~/.workbuddy/models.json`, and validate the configuration, but it does not mention any confirmation, review step, or trust boundary. Automatically modifying local configuration based on remote content can expose users to unwanted configuration changes or malicious model endpoints if the source is compromised.

Missing User Warnings

Severity
Medium
Confidence
96% confidence
Finding
The installation instructions tell users that WorkBuddy will automatically download and install the skill from GitHub/Gitee without any safety warning, pinning, or integrity verification guidance. This creates a software supply-chain risk because users may install and execute unreviewed remote code directly from mutable repositories.

Vague Triggers

Severity
Medium
Confidence
87% confidence
Finding
The trigger phrases are broad enough to match generic requests like '免费 AI 模型' or 'free model', which can cause the skill to activate outside the user's intended context. Because the skill can perform network requests and write to configuration files, accidental invocation increases the risk of unintended external calls and local state changes.

Missing User Warnings

Severity
Medium
Confidence
91% confidence
Finding
The skill states it will 'automatically detect and configure' models but does not clearly warn up front that it will contact opencode.ai to fetch model data. Hidden or insufficiently disclosed network behavior is risky because it can surprise users, leak usage metadata to a third party, and normalize remote actions without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.