
Security audit

Orb

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, publishing artifacts to Orb, but it warrants review for two reasons: it instructs agents to persist a user-supplied API key in local config files or shell profiles, and its update triggers are broad enough that ordinary requests can send or overwrite content on an external service.

Install only if you are comfortable sending artifact content and image assets to Orb-hosted links. Prefer supplying ORB_API_KEY yourself through a secrets manager or a session-only environment variable; do not let the skill write it into shell profiles or plaintext config unless you deliberately accept that risk. Confirm before publishing confidential or business-sensitive material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The skill explicitly instructs the agent to persist a user-provided API key into long-lived local configuration files and shell profiles. That exceeds the stated purpose of artifact creation, creates unnecessary secret retention, and can expose credentials to unrelated tools, later prompts, local users, backups, or logs.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The documented behavior expands from creating hosted artifacts into credential management by writing secrets into user config files. This is a scope mismatch that can mislead users about what the skill will modify and increases the chance of unauthorized persistence of sensitive data.

Vague Triggers

Severity: High
Confidence: 94%
Finding
The update triggers include generic phrases like "change," "update," "make it," "fix," and "add," which overlap heavily with ordinary conversation. This can cause the skill to activate unexpectedly and send or overwrite artifact content on an external service when the user did not intend to invoke Orb.
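To make the trigger-overlap risk concrete, the following added example (not code from the Orb skill or from SkillSpector) runs the generic verbs quoted in this finding over a handful of constructed prompts and counts how often they fire when the user did not mean Orb at all. The "scoped" rule, which additionally requires the request to name the service or the thing it manages, is an assumption about how a narrower trigger could be written; the sample prompts and scope nouns are constructed here.

```python
"""Measure how often a skill's update triggers fire on ordinary conversation.

Added example for this audit, not part of the Orb skill or SkillSpector. The
broad trigger words are the ones quoted in the finding; the scoped rule and
the sample prompts are constructed here to illustrate the difference.
"""
import re

# Generic verbs the finding quotes from the skill's update triggers.
BROAD_TRIGGERS = ("change", "update", "make it", "fix", "add")

# Scoped rule (assumption): the same verbs count only when the request also
# names the service or the artifact it manages.
SCOPE_NOUNS = ("orb", "artifact", "artefact", "published link", "hosted link")


def _contains(text, phrase):
    """Whole-word, case-insensitive match so 'fix' does not match 'prefix'."""
    return re.search(rf"\b{re.escape(phrase)}\b", text, re.IGNORECASE) is not None


def broad_match(prompt):
    """Fires on any generic verb, as the skill's documented triggers do."""
    return any(_contains(prompt, t) for t in BROAD_TRIGGERS)


def scoped_match(prompt):
    """Fires only when a generic verb is paired with an explicit Orb/artifact reference."""
    return broad_match(prompt) and any(_contains(prompt, n) for n in SCOPE_NOUNS)


# Constructed sample prompts, labelled with whether the user actually meant Orb.
SAMPLES = [
    ("fix the typo in my email draft", False),
    ("add a unit test for the parser", False),
    ("change the meeting to 3pm", False),
    ("make it shorter", False),
    ("update the Orb artifact title to 'Q3 review'", True),
    ("fix the broken image in the published link", True),
    ("add a footer to the artifact", True),
    ("what's the weather like", False),
]


def false_activations(matcher, samples=SAMPLES):
    """Prompts where the matcher fires although the user did not mean the service."""
    return [p for p, meant in samples if matcher(p) and not meant]


def missed_activations(matcher, samples=SAMPLES):
    """Prompts where the user meant the service but the matcher stays silent."""
    return [p for p, meant in samples if meant and not matcher(p)]


if __name__ == "__main__":
    for name, m in (("broad", broad_match), ("scoped", scoped_match)):
        print(f"{name}: {len(false_activations(m))} false, {len(missed_activations(m))} missed")
```

On these eight prompts the broad rule activates on four that have nothing to do with Orb, while the scoped rule activates on none of them and still catches every genuine request. The point for a reviewer is not the exact numbers but that every false activation here is a request that could push or overwrite content on an external service.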

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill tells the agent to store the API key persistently without a strong warning that local configuration files and shell profiles will be modified. This undermines informed consent and may leave users unaware that a sensitive secret has been written to disk for future sessions.

Ssd 3

Severity: High
Confidence: 99%
Finding
Retaining and storing user API keys across sessions materially increases the attack surface for credential theft and misuse. A secret needed only to authorize API calls should not be written into broadly accessible plaintext config locations unless absolutely necessary and explicitly approved.
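The overview's recommendation (supply ORB_API_KEY per session and keep it out of shell profiles and plaintext config) and this finding both come down to two practical checks: resolve the key from the current environment only, and audit the usual persistence locations for a copy that should not be there. The following added example does both; it is not code from the Orb skill or from SkillSpector. The candidate file list and the assignment pattern are assumptions about where an agent might write the key, since the page does not show the skill's actual target files; the sample files are constructed in a temporary directory.

```python
"""Resolve ORB_API_KEY from the session only, and find copies persisted to disk.

Added example for this audit; not code from the Orb skill or from SkillSpector.
The file names and the persistence pattern are assumptions about how an agent
might write the key; the skill's actual target files are not shown on this page.
"""
import os
import re
import tempfile
from pathlib import Path

KEY_NAME = "ORB_API_KEY"

# Matches `export ORB_API_KEY=...`, `ORB_API_KEY: ...` and `"ORB_API_KEY": "..."`,
# i.e. the key name followed by an assignment with a non-empty value.
PERSISTED_KEY = re.compile(
    rf"^\s*(?:export\s+)?[\"']?{KEY_NAME}[\"']?\s*[:=]\s*[\"']?(?P<value>[^\s\"'#]+)",
    re.MULTILINE,
)

# Files an agent is commonly told to write to (assumption; the skill's own list is not on this page).
DEFAULT_CANDIDATES = (
    "~/.bashrc", "~/.zshrc", "~/.profile", "~/.bash_profile",
    "~/.config/orb/config.json", "~/.orb/config",
)


def redact(value: str) -> str:
    """Show only enough of a secret to recognise it, never the whole thing."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def find_persisted_keys(paths=DEFAULT_CANDIDATES):
    """Return [(path, line_number, redacted_value)] for every plaintext ORB_API_KEY found."""
    hits = []
    for p in paths:
        path = Path(p).expanduser()
        if not path.is_file():
            continue
        text = path.read_text(errors="replace")
        for m in PERSISTED_KEY.finditer(text):
            line_no = text.count("\n", 0, m.start()) + 1
            hits.append((str(path), line_no, redact(m.group("value"))))
    return hits


def get_orb_api_key(environ=os.environ):
    """Resolve the key from the current session only; never read or write config files.

    Returns None when absent so the caller can refuse to publish rather than
    asking the agent to 'save it for next time'.
    """
    value = environ.get(KEY_NAME, "").strip()
    return value or None


def demo():
    """Constructed inputs: a fake ~/.zshrc, a fake JSON config and a clean profile."""
    with tempfile.TemporaryDirectory() as d:
        zshrc = Path(d, ".zshrc")
        zshrc.write_text("alias ll='ls -l'\nexport ORB_API_KEY=orb_live_0123456789abcdef\n")
        cfg = Path(d, "config.json")
        cfg.write_text('{\n  "ORB_API_KEY": "orb_live_fedcba9876543210"\n}\n')
        clean = Path(d, ".bashrc")
        clean.write_text("# ORB_API_KEY is supplied per session, not stored here\n")
        return find_persisted_keys([zshrc, cfg, clean])


if __name__ == "__main__":
    for path, line, val in demo():
        print(f"{path}:{line}: {KEY_NAME} persisted in plaintext ({val})")
    print("session key present:", get_orb_api_key() is not None)
```

Run with no arguments, `find_persisted_keys()` checks the assumed default locations on the current machine; the demo uses constructed files so it runs offline. The scanner reports only redacted values, so its own output does not become another place the secret leaks to.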

VirusTotal

66/66 vendors flagged this skill as clean.
