Security audit

Lucky Collaborative Research (Lucky + Jinx)

Security checks across malware telemetry and agentic risk

Overview

This research skill is understandable in intent, but it asks agents to broadly collect webpages and move them to a hardcoded machine and analysis agent without enough user control or scoping.

Install only if the Lucky/Jinx setup, localhost API, SSH key, destination host, and storage paths are yours or have been edited to your environment. Use it only on approved public sources unless you intentionally need private data, review captured files before transfer, redact secrets or personal data, and require explicit approval before asking Jinx to execute any analysis script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium (92% confidence)
Finding
The skill explicitly tells users to ask Jinx to execute analysis scripts, which expands the workflow from passive research into arbitrary code execution on the analysis system. Even if framed as analysis, this creates a path for untrusted scraped content, prompts, or operator instructions to trigger command/script execution beyond the documented purpose of processing local research data.

Intent-Code Divergence

High (97% confidence)
Finding
The skill contains contradictory security guidance: it says to pass only text/HTML and never code, but elsewhere instructs users to request script execution. This inconsistency is dangerous because it undermines operator trust boundaries and makes it easy for unsafe execution behavior to be normalized or justified despite the stated safeguards.

Missing User Warnings

Medium (90% confidence)
Finding
The workflow instructs broad collection of full page text and HTML, then transfer of that data to another system, without requiring data minimization, consent checks, or handling rules for secrets, personal data, or proprietary content. In a research context, this increases the risk of over-collection and unintended movement of sensitive information from websites, dashboards, documentation portals, or user-generated content.

VirusTotal

64/64 vendors flagged this skill as clean.