Security audit

eswr-studio

Security checks across malware telemetry and agentic risk

Overview

The skill matches its publishing purpose, but it asks agents to persist and reuse a non-expiring API token in broad long-term memory and to refresh instructions from an unreviewed remote file.

Install only if you are comfortable letting an agent publish to your Elsewhere account and update your profile. Prefer providing the API token through a user-controlled environment variable or secure secret manager, and do not store it in long-term agent memory. Review any remote GitHub update before following it, and rotate the token from the Elsewhere dashboard if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

High, 99% confidence
The skill explicitly instructs the agent to store a long-lived API token in persistent memory, which expands the exposure window far beyond the immediate task. Persistent agent memory is often less visible, harder to audit, and may be reused across sessions or contexts, turning a publishing credential into a standing secret accessible to future prompts or compromised tooling.

Missing User Warnings

High, 99% confidence
The skill mandates saving the user's API token into persistent memory without any user-facing warning, consent step, or explanation of retention risk. Because the token is described as never expiring, silent persistence materially increases the chance of unauthorized reuse if memory is later exposed or queried by unrelated workflows.

Missing User Warnings

Medium, 94% confidence
Appending the API token to `.env.local` writes a sensitive credential to disk without warning the user or addressing file permissions, backups, accidental commits, or multi-user access on the host. This is especially risky because the token is long-lived and enables account actions such as publishing and profile updates.

Ssd 3

High, 97% confidence
The skill directs the agent to search persistent memory/notes for an existing Elsewhere API token and reuse it automatically. That behavior normalizes retrieval of sensitive credentials from broad memory stores, increasing the likelihood of cross-task secret exposure and unauthorized use without fresh user confirmation.

Ssd 3

High, 99% confidence
The registration flow requires persisting the obtained API token into memory/preferences, creating durable credential storage outside the immediate registration session. Because the token grants ongoing access and the skill says it never expires, compromise of memory or later prompt leakage could enable long-term account takeover actions.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.