Back to skill

Security audit

Signal CLI

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uses a local Signal CLI setup to look up contacts and send user-directed Signal messages.

Install only if you trust your local signal-cli setup and are comfortable letting the agent use your registered Signal account. Confirm the exact recipient, message text, and attachments before sending, and avoid broad contact lookups unless needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes local shell commands (`signal-cli`, `python3 scripts/...`) but does not declare any permissions, so it understates its operational capabilities. This can bypass expected review and consent boundaries: a user may trigger local command execution and outbound messaging without the permission model clearly advertising those risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.