Back to skill

Security audit

Skylight

Security checks across malware telemetry and agentic risk

Overview

This Skylight skill matches its stated calendar purpose, but it asks users to handle sensitive account tokens and optionally intercept HTTPS app traffic without enough safety guardrails.

Review before installing. Prefer the email/password flow only if you are comfortable giving the agent access to your Skylight household data, avoid the HTTPS proxy token-capture method unless you fully understand TLS interception, remove any trusted proxy certificate afterward, and rotate or revoke exposed tokens where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The README explicitly instructs users to capture a live authentication token using an HTTPS interception proxy, which normalizes credential/session interception as part of setup. Even if intended for the user's own account, this expands the skill's operational scope beyond ordinary calendar management and encourages handling highly sensitive auth material in a way that can expose accounts if proxy configuration, logs, or captured traffic are mishandled.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation recommends using HTTPS proxy tools like Proxyman, Charles, or mitmproxy to capture auth tokens but provides no warning that these tools can expose credentials, session tokens, and other personal household data. In the context of a family calendar/chores skill, this is especially risky because intercepted traffic may include private schedules, children-related data, and account access that could be replayed if a token is leaked.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs users to install an HTTPS interception proxy, trust its root certificate, and capture live Authorization headers from the Skylight app. That normalizes man-in-the-middle credential interception without warning about the risks of exposing session tokens, decrypting unrelated app traffic, or weakening device trust settings, which can lead to account compromise and privacy exposure.

External Transmission

Medium
Category
Data Exfiltration
Content
emoji: 📅
    requires:
      bins:
        - curl
      env:
        - SKYLIGHT_FRAME_ID
    primaryEnv: SKYLIGHT_EMAIL
Confidence
80% confidence
Finding
curl env: - SKYLIGHT_FRAME_ID primaryEnv: SKYLIGHT_EMAIL --- # Skylight Calendar Control Skylight Calendar frame via the unofficial API. ## Setup Set environment variables: - `SK

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.