Back to skill

Security audit

Eagle Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Eagle library management skill that can change your library, so use it only with your trusted local Eagle server and confirm bulk edits.

Install only if you want an agent to operate your Eagle library. Keep EAGLE_SERVER_URL unset unless you intentionally use a trusted endpoint, and require explicit confirmation before trash moves, tag merges, tag group deletion, or broad folder/tag changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents a destructive action, item_move_to_trash, but does not require explicit confirmation or warn that the operation can affect many items at once. In an agent setting, this increases the chance of unintended bulk deletion from ambiguous prompts, prompt injection, or model error, especially because the tool directly changes user data rather than merely reading it.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The CLI sends tool names and arbitrary parameters over HTTP to a configurable server URL from --server or EAGLE_SERVER_URL with no validation, allowlist, authentication, or user-facing warning. Because parameters can include local file paths, URLs, annotations, tags, and other library metadata, a malicious or misconfigured endpoint could receive sensitive data or induce unsafe off-process actions unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/eagle-api-cli.js:1348