Back to skill

Security audit

Agent Credential Safety

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a credential-safety policy, but it also instructs agents to copy live API keys into another .env file, creating an extra persistent secret copy without clear user approval or containment.

Review this carefully before installing. The skill's general rules are useful for limiting credential exposure, but the bridge example should be changed or treated as manual-only: prefer passing secrets through process-scoped environment variables, and do not let an agent write API keys into project .env files unless you explicitly approve the exact destination and confirm it is protected from source control and broad local access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs copying a secret from the canonical credential store into another tool's .env file, creating an additional plaintext secret copy and modifying user data. Even though it warns not to print secrets, this propagation increases exposure surface, persistence, and the chance of accidental commit or later disclosure, and it does not require explicit user confirmation before altering another file.

Credential Access

High
Category
Privilege Escalation
Content
from dotenv import load_dotenv
import os

load_dotenv(Path.home() / ".localcfg" / "base.env")
key = os.getenv("SOME_API_KEY")  # 只取当前需要的变量

if key:
Confidence
86% confidence
Finding
.env"

Credential Access

High
Category
Privilege Escalation
Content
key = os.getenv("SOME_API_KEY")  # 只取当前需要的变量

if key:
    target_env = Path("/path/to/target/.env")
    content = target_env.read_text()
    if "SOME_API_KEY" not in content:
        target_env.write_text(content + f"\nSOME_API_KEY={key}")
Confidence
97% confidence
Finding
.env"

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.