
Security audit

Skill Package

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent lead-generation tool, but it needs careful review because it can keep running, deploy public websites, and send cold outreach emails from the user's accounts.

Install only if you are comfortable operating an automated cold-outreach and website-deployment system. Before using it, inspect and pin the external repository, run dry-runs first, use dedicated least-privilege accounts and API keys, secure or rotate the Google service-account key, define approval checkpoints before sends and deployments, and confirm your outreach complies with applicable email and privacy rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding
The manifest declares only a subset of the environment variables actually required by the documented pipeline, omitting keys such as ANTHROPIC_API_KEY, OPENAI_API_KEY, and GOOGLE_SHEET_ID that are described as necessary for core stages. This creates a mismatch between declared capabilities and actual behavior, which can cause operators to run the skill without understanding all external services, data flows, and credentials it needs.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill describes generation of run folders containing intake data, research, outreach artifacts, and tracking metadata, but it does not clearly warn that business contact data will be stored locally and in Google Sheets. This increases the risk of unintended retention, oversharing, or insecure handling of phone numbers, emails, addresses, reviews, and outreach history by users who may not realize the persistence footprint.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill is designed to automatically deploy generated websites and send scheduled cold outreach emails, but the description does not prominently warn users about these autonomous external actions. In this context, the omission is more dangerous because the skill interacts with third-party infrastructure and contacts real businesses, creating legal, reputational, spam, and operational risks if enabled without clear operator awareness and consent gates.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The manifest description advertises a fully automated pipeline for discovery, website generation, deployment, and cold outreach, but it does not define clear user-trigger boundaries, approval checkpoints, or operational limits. In a skill that performs external actions across multiple third-party services, this ambiguity increases the chance of unintended mass outreach, unauthorized actions, or misuse beyond the user's intended scope.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The document instructs users to create a service account, download a JSON key, and store it in a fixed local path without any guidance on secure handling, access restriction, rotation, or avoidance of long-lived keys. These credentials can grant direct editor access to lead data in Google Sheets, so accidental exposure through local compromise, backups, dotfile sync, or repository inclusion could enable unauthorized access or modification.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.