Back to skill

Security audit

Edith API Keys

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Unkey API-key management skill, but it gives an agent privileged control over Edith API keys.

Install only if you want the agent to manage Edith API keys in Unkey. Store UNKEY_ROOT_KEY securely, avoid logging or displaying it, prefer the least-privileged Unkey credential available, and require explicit confirmation before listing, updating, creating, or permanently deleting keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The workflow trigger 'When the user asks to manage Edith API keys' is broad for a user-invocable skill that performs sensitive administrative actions with a root credential. Overly loose activation increases the chance the agent interprets ambiguous language as authorization to create, modify, or revoke keys, causing unintended destructive or privileged operations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill is designed around a highly privileged root key and demonstrates sending it in Authorization headers to an external service, but it does not prominently warn that compromise of this credential would allow full key-management actions. In a voice/agent context, normalizing use of a root secret without strong handling guidance increases the risk of accidental disclosure, misuse, or unsafe deployment practices.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The revoke flow performs permanent deletion of API keys but does not include a clear warning about irreversibility or operational impact. In a conversational interface, this raises the chance of accidental service disruption if a key is deleted without the user fully understanding that dependent plugins or devices will immediately lose access.

External Transmission

Medium
Category
Data Exfiltration
Content
Create a key for a plugin developer or device. Optionally set a name, expiration, or rate limit.

```bash
curl -s -X POST https://api.unkey.dev/v1/keys.createKey \
  -H "Authorization: Bearer $UNKEY_ROOT_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
91% confidence
Finding
curl -s -X POST https://api.unkey.dev/v1/keys.createKey \ -H "Authorization: Bearer $UNKEY_ROOT_KEY" \ -H "Content-Type: application/json" \ -d '{ "apiId": "'"$UNKEY_API_ID"'", "name": "

External Transmission

Medium
Category
Data Exfiltration
Content
Create a key for a plugin developer or device. Optionally set a name, expiration, or rate limit.

```bash
curl -s -X POST https://api.unkey.dev/v1/keys.createKey \
  -H "Authorization: Bearer $UNKEY_ROOT_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
91% confidence
Finding
https://api.unkey.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
### List all keys

```bash
curl -s "https://api.unkey.dev/v1/apis.listKeys?apiId=$UNKEY_API_ID" \
  -H "Authorization: Bearer $UNKEY_ROOT_KEY"
```
Confidence
88% confidence
Finding
https://api.unkey.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
Permanently delete a key by its `keyId`.

```bash
curl -s -X POST https://api.unkey.dev/v1/keys.deleteKey \
  -H "Authorization: Bearer $UNKEY_ROOT_KEY" \
  -H "Content-Type: application/json" \
  -d '{"keyId": "{{keyId}}"}'
Confidence
94% confidence
Finding
https://api.unkey.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
### Update a key (rename, change rate limit, set expiry)

```bash
curl -s -X POST https://api.unkey.dev/v1/keys.updateKey \
  -H "Authorization: Bearer $UNKEY_ROOT_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
92% confidence
Finding
https://api.unkey.dev/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.