Vikunja Kanban

Security checks across malware telemetry and agentic risk

Overview

The Vikunja Kanban skill's scripts largely match its stated purpose (managing tasks on a kanban board), but two things need human review before installation: a documented workaround that grants permissions by editing the database directly, and authenticated API calls made with TLS certificate verification disabled.

Install only if you trust the specific Vikunja endpoint and can review or patch the scripts first. Remove the curl -k (insecure) flag and, if the endpoint uses a private CA, point curl at that CA with --cacert instead of disabling verification; avoid the documented direct SQL permission workaround except under a controlled break-glass process with logging and rollback; and issue the skill a least-privilege Vikunja token scoped to the task and bucket operations it actually performs.
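The following POSIX shell script is an added example for this report, not code from the skill or from SkillSpector. It does the two things the recommendations above ask for: it audits a skill's scripts for curl calls that disable certificate verification (including a clustered short flag such as the -sk seen in the findings below), and it provides a hardened replacement for the skill's task-creation request that keeps verification on, optionally pins a private CA, passes the bearer token to curl through a config read from stdin rather than on argv, refuses non-HTTPS endpoints and non-2xx responses, and escapes the JSON body instead of interpolating $TITLE and $DESC unescaped. The variable names VIKUNJA_TOKEN and VIKUNJA_CA_FILE, the /api/v1/ path restriction, and the embedded copy of the skill's snippet used for the demo are assumptions of this example.

```shell
#!/bin/sh
# Added example for this report; not code from the scanned Vikunja Kanban skill.
# Part 1 audits a skill's scripts for curl calls that disable TLS verification.
# Part 2 is a hardened replacement for the skill's task-creation request.
# VIKUNJA_TOKEN, VIKUNJA_CA_FILE and the demo snippet below are assumptions.

# --- Part 1: pre-install audit ---------------------------------------------

# Join backslash-continued lines so a flag on a continuation line is examined
# together with the curl command it belongs to.
join_continuations() {
  sed -e :a -e '/\\$/N; s/\\\n//; ta' "$1"
}

# Matches a curl command whose whitespace-delimited arguments include
# --insecure or a short-flag cluster containing k (-k, -sk, -ks, ...).
INSECURE_CURL_RE='curl[[:space:]]+([^[:space:]]+[[:space:]]+)*(-[A-Za-z]*k[A-Za-z]*|--insecure)([[:space:]]|$)'

# list_insecure_curl FILE  -> prints each offending (joined) curl command
list_insecure_curl() {
  join_continuations "$1" | grep -E "$INSECURE_CURL_RE" || true
}

# count_insecure_curl FILE -> prints the number of offending curl commands
count_insecure_curl() {
  join_continuations "$1" | grep -cE "$INSECURE_CURL_RE" || true
}

# --- Part 2: hardened request ----------------------------------------------

# json_str TEXT -> TEXT escaped for use inside a JSON string literal.
# Escapes backslash, double quote and newline (other control characters are
# not handled). The skill's scripts interpolate $TITLE and $DESC unescaped,
# so a double quote in a title produces an invalid request body.
json_str() {
  printf '%s' "$1" | sed -e ':a' -e '$!{N;ba' -e '}' \
    -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/\n/\\n/g'
}

# vikunja_task_json TITLE DESCRIPTION PRIORITY -> JSON body for task creation
vikunja_task_json() {
  case "$3" in
    ''|*[!0-9]*) echo "priority must be a non-negative integer" >&2; return 2 ;;
  esac
  printf '{"title":"%s","description":"%s","priority":%s}' \
    "$(json_str "$1")" "$(json_str "$2")" "$3"
}

# vikunja_check_env -> 0 only when the endpoint is https and a token is set.
# VIKUNJA_CA_FILE is optional (assumption): set it to pin a private CA.
vikunja_check_env() {
  case "${VIKUNJA_URL:-}" in
    https://*) ;;
    '') echo "VIKUNJA_URL is unset" >&2; return 2 ;;
    *) echo "VIKUNJA_URL must use https://, got ${VIKUNJA_URL}" >&2; return 2 ;;
  esac
  if [ -z "${VIKUNJA_TOKEN:-}" ]; then
    echo "VIKUNJA_TOKEN is unset" >&2; return 2
  fi
  if [ -n "${VIKUNJA_CA_FILE:-}" ] && [ ! -r "$VIKUNJA_CA_FILE" ]; then
    echo "VIKUNJA_CA_FILE is not readable: $VIKUNJA_CA_FILE" >&2; return 2
  fi
}

# vikunja_curl_config METHOD PATH -> curl config lines, consumed via --config -.
# Putting the Authorization header in the config keeps the token out of argv,
# where -H "Authorization: Bearer $TOKEN" is visible in the process list.
vikunja_curl_config() {
  case "$2" in
    /api/v1/*) ;;
    *) echo "refusing path outside /api/v1/: $2" >&2; return 2 ;;
  esac
  printf 'request = "%s"\n' "$1"
  printf 'url = "%s%s"\n' "${VIKUNJA_URL%/}" "$2"
  printf 'header = "Authorization: Bearer %s"\n' "$VIKUNJA_TOKEN"
  printf 'header = "Content-Type: application/json"\n'
  # fail: a non-2xx status is an error rather than silently ingested data.
  # No "insecure" line: certificate verification stays on.
  printf 'silent\nshow-error\nfail\n'
  if [ -n "${VIKUNJA_CA_FILE:-}" ]; then
    printf 'cacert = "%s"\n' "$VIKUNJA_CA_FILE"
  fi
}

# vikunja_request METHOD PATH [JSON_BODY] -> performs the request with curl
vikunja_request() {
  vikunja_check_env || return $?
  vikunja_curl_config "$1" "$2" >/dev/null || return $?
  if [ -n "${3:-}" ]; then
    vikunja_curl_config "$1" "$2" | curl --config - --data-binary "$3"
  else
    vikunja_curl_config "$1" "$2" | curl --config -
  fi
}

# --- Demo on a constructed copy of the skill's snippet (no network access) ---
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
RESULT=$(curl -sk -X PUT "$VIKUNJA_URL/api/v1/projects/$PROJECT_ID/tasks" \
  -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' \
  -d "{\"title\":\"$TITLE\",\"description\":\"$DESC\",\"priority\":$PRIORITY}")
EOF
echo "insecure curl calls in snippet: $(count_insecure_curl "$demo_file")"
rm -f "$demo_file"
```

A patched skill would then create a task with something like `vikunja_request PUT "/api/v1/projects/$PROJECT_ID/tasks" "$(vikunja_task_json "$TITLE" "$DESC" "$PRIORITY")"`; the audit functions are what to run over every script in the skill before installing it.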

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The skill is presented as a kanban-board management capability, but the documentation exposes materially broader administrative actions including project sharing, user lookup, password-change flows, token lifecycle management, and database-level permission changes. That expansion of scope increases the chance an agent or operator will use the skill for identity, authorization, or persistence-affecting actions that were not intended or sufficiently controlled.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The script performs authenticated network access to a hard-coded remote host and disables TLS certificate verification with curl -k. With verification off, anyone positioned on the path can present their own certificate, read the bearer token from the Authorization header, and tamper with the response the agent ingests; this matters most in automated agent environments, where users may not realize that outbound authenticated requests are being made on their behalf.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The documented workaround instructs operators to modify the PostgreSQL authorization table directly to grant admin rights, bypassing the API's validation, audit logging, and permission checks. This normalizes out-of-band privilege escalation: rows written directly to the database leave no application-level audit trail, are not subject to the checks the API enforces, and can leave unauthorized access or a broken permission model in place in production long after the original problem is forgotten.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The script reads a bearer token and sends it to an external service without any user-facing disclosure, which is risky in a skill context where execution may be delegated or implicit. Because the same request also disables certificate verification, the undisclosed credential use is more likely to end in silent token compromise or in the agent ingesting untrusted data as if it came from the Vikunja instance.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content
fi

# Create task
RESULT=$(curl -sk -X PUT "$VIKUNJA_URL/api/v1/projects/$PROJECT_ID/tasks" \
  -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' \
  -d "{\"title\":\"$TITLE\",\"description\":\"$DESC\",\"priority\":$PRIORITY}")
Confidence: 96%
Finding
Matched call: curl -sk -X PUT to $VIKUNJA_URL/api/v1/projects/$PROJECT_ID/tasks with an Authorization: Bearer $TOKEN header. The -k in -sk disables certificate verification for this authenticated request, and the JSON body is built by interpolating $TITLE and $DESC unescaped.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content
# Move to correct bucket (default bucket is 1/Urgent, so move if different)
if [ "$BUCKET_ID" != "1" ]; then
  curl -sk -X POST "$VIKUNJA_URL/api/v1/projects/$PROJECT_ID/views/$VIEW_ID/buckets/$BUCKET_ID/tasks" \
    -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' \
    -d "{\"task_id\":$TASK_ID}" > /dev/null 2>&1
fi
Confidence: 96%
Finding
Matched call: curl -sk -X POST to $VIKUNJA_URL/api/v1/projects/$PROJECT_ID/views/$VIEW_ID/buckets/$BUCKET_ID/tasks with an Authorization: Bearer $TOKEN header. The -k in -sk disables certificate verification, and the response and exit status are discarded (> /dev/null 2>&1), so a failed or tampered bucket move goes unnoticed.

VirusTotal

All 66 VirusTotal vendors reported this skill as clean (0/66 detections). That is expected and does not offset the findings above: disabled certificate verification, undisclosed credential use, and a documented database-level permission workaround are configuration and design risks rather than malware signatures, so an anti-virus verdict says nothing about them.