Back to skill

Security audit

Kv Embed Store

Security checks across malware telemetry and agentic risk

Overview

This is a coherent embedding-backed key-value store, with the main privacy risk that key/search text and the embedding API key are sent to the configured provider.

Install only if you are comfortable sending key names and search queries to your chosen embedding provider. Use a trusted HTTPS base URL, protect the API key, avoid storing secrets or regulated identifiers as keys, and review the separate plugin package referenced by the install command if you use plugin mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'BASE_URL' from os.environ.get (line 29, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
def embed(texts: list[str], api_key: str) -> np.ndarray:
    """Get embeddings from SiliconFlow API."""
    resp = requests.post(
        f"{BASE_URL}/embeddings",
        headers={"Authorization": f"Bearer {api_key}"},
        json={"model": MODEL, "input": texts, "encoding_format": "float"},
Confidence
98% confidence
Finding
resp = requests.post( f"{BASE_URL}/embeddings", headers={"Authorization": f"Bearer {api_key}"}, json={"model": MODEL, "input": texts, "encoding_format": "float"}, t

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly embeds user-supplied key text through a third-party embedding provider, which means key/value-associated content may leave the local environment. The documentation explains provider configuration but does not clearly warn users that stored material can be transmitted externally for embedding, creating a privacy and data-handling risk if users store secrets, internal project details, or regulated data.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
Keys and search queries are transmitted to an external embedding service, but the CLI provides no explicit disclosure or consent mechanism. In a value store, users may reasonably assume local-only handling, so sensitive identifiers or query content could be sent off-box unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.