Back to skill

Security audit

Beads Task Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed git-backed task tracker skill, with expected repository writes and Git sync behavior that users should control carefully.

Install this only if you want agents to manage task state in your repository with Beads. Review or restrict bd init, bd hooks install, and bd sync, because they can write .beads/ data, install Git hooks, commit changes, and push task contents to configured remotes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation description uses very broad phrases such as task tracking, issue management, multi-step work, and even keyword mentions of "beads"/"bd" CLI. In an agent environment, this can cause the skill to activate in many unrelated contexts and steer the agent into using repository-modifying tooling unexpectedly, increasing the chance of unnecessary file or workflow changes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs agents to run `bd sync` and `bd hooks install`, and `bd sync` is described as performing export, commit, pull, import, and push operations. That is materially repository-modifying behavior and can alter git history, install hooks, and transmit changes to remotes without an explicit warning or confirmation step, which is dangerous for autonomous agents.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.