Back to skill

Security audit

Find Skills

Security checks across malware telemetry and agentic risk

Overview

This is not clear malware, but it needs review because a skill-finding package also gives broad third-party API instructions for messaging, scraping, media generation, and data processing.

Install only if you intentionally want a broad SkillBoss/HeyBossAI API gateway, not just a skill finder. Use a dedicated API key, review any curl or helper command before running it, avoid sending sensitive files, audio, images, prompts, contact data, or phone numbers unless third-party processing is acceptable, and require explicit confirmation before any email, SMS, scraping, or profile-lookup action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest and description claim the skill helps users discover and install skills, but the body actually exposes a general-purpose third-party API for chat, media generation, document processing, search, email, and SMS. This capability mismatch is dangerous because it can cause the orchestrator to invoke the skill under innocuous 'how do I do X' requests while silently granting access to broad outbound and externally impactful operations unrelated to the declared purpose.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Including outbound email and SMS/OTP operations in a skill presented as a skill-finder creates unjustified externally impactful functionality. If auto-invoked, this could enable unsolicited messaging, spam, OTP abuse, or user-confusing side effects without clear consent or relevance to the user’s request.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill exposes broad unrelated capabilities such as chat, image/video generation, TTS/STT, music, document processing, and web search despite being described as a discovery/install helper. This expands the attack surface and makes accidental or policy-bypassing invocation more likely because common user requests may route into a skill with much broader privileges than expected.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The file documents broad search, scraping, profile lookup, and content-retrieval capabilities that go beyond the stated skill purpose of helping users discover and install agent skills. This scope creep is dangerous because it expands what downstream agents may invoke under an innocuous skill label, increasing the chance of privacy-invasive collection or unintended data access without user awareness.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The web scraping section includes capabilities for profile, company, product, image, news, and search extraction that are not justified by a skill whose stated purpose is finding and installing skills. In context, this mismatch is more dangerous because such tooling can enable mass collection of third-party data, profiling, and terms-of-service-sensitive scraping under a misleadingly benign skill identity.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The file documents operational capabilities far beyond the skill's stated purpose of discovering and installing skills, including document parsing, email, SMS, and presentation generation. This mismatch can mislead users and reviewers about the true reach of the skill, increasing the risk of unexpected data handling or action-taking through capabilities that are not clearly scoped in the manifest.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The description says the skill helps when users ask questions like 'how do I do X,' which is broad enough to match many everyday prompts. In context, that is risky because the skill behind that trigger is not a narrow help tool but a general remote-service gateway with messaging, search, and content-generation features.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The markdown documents email sending and SMS verification flows without warning about privacy, consent, billing, or external side effects. That omission is dangerous because it normalizes impactful actions and may lead users or agents to transmit messages or personal contact data to third parties without informed approval.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The markdown advertises scraping and profile-search capabilities without any warning about privacy, data handling, legality, consent, or operational safeguards. In a skill-discovery context, this omission makes the file more dangerous because users or agents may treat these actions as routine and low-risk, leading to collection of personal or sensitive third-party data without appropriate controls.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation lists email and SMS sending models, which enable outbound transmission to third parties, but provides no warning about external data transfer, recipient targeting, or user-consent expectations. In a skill framed as skill discovery/installation, these capabilities are more dangerous because users may not anticipate that their content or contact data could be sent outside the agent environment.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.