Security audit

Semantic Grep

Security checks across malware telemetry and agentic risk

Overview

The skill appears to provide semantic code search, but its install instructions and activation scope need human review before installation.

Review the README before installing, do not use any embedded token from the documentation, and only enable this skill if its triggers are narrowed and you are comfortable with it searching or indexing the intended project files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
The README makes a strong '100% offline capable' claim while also providing an installation path that uses a live registry token, which is inconsistent and security-relevant. This can mislead users into trusting the skill as fully offline/safe while encouraging networked installation with embedded credentials, increasing the chance of token misuse or unsafe deployment assumptions.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The README exposes a live-looking access token directly in install instructions, which may enable unauthorized use of a registry account or encourage users to normalize handling secrets in plaintext. In agent-skill context, README commands are especially dangerous because users and tools may copy-paste or auto-execute installation steps without scrutinizing embedded credentials.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding:
The trigger keyword "semantic search" is very broad and can match many ordinary user requests that are not clearly intended for this specific skill. In an agent ecosystem, overly broad activation can cause the wrong skill to run, potentially indexing or searching local codebases unexpectedly and exposing repository contents or creating unintended side effects.

Vague Triggers

Severity: Medium
Confidence: 97%
Finding:
The trigger keyword "semgrep" is ambiguous because it collides with the well-known Semgrep security tool, while this skill is for a different package named semgrepll. This can misroute user intent, causing accidental invocation of this skill when the user likely meant the security scanner, which is especially risky because this skill operates on local source code and project indexing.

VirusTotal

64/64 vendors flagged this skill as clean.