
Security audit

Pinme Share

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it needs review because it can publish local files publicly, auto-installs an npm CLI at runtime, and may persist an AppKey that the user expected to be ephemeral.

Review before installing. Use it only for files you are comfortable making public permanently (content published to the IPFS-backed service is effectively unremovable), preinstall and verify the PinMe CLI yourself rather than letting the skill install it, avoid supplying secrets through PINME_APPKEY that you expect to stay ephemeral, and check for and log out of any stored PinMe credentials after testing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    stderr("ℹ️  pinme CLI not found, installing via npm...")
    npm_global = os.path.expanduser("~/.npm-global")
    try:
        r = subprocess.run(
            ["npm", "install", "-g", "pinme", "--prefix", npm_global],
            capture_output=True, text=True, timeout=180,
        )
Confidence
90% confidence
Finding
r = subprocess.run( ["npm", "install", "-g", "pinme", "--prefix", npm_global], capture_output=True, text=True, timeout=180, )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    if not pinme:
        return None, "pinme CLI not found"
    try:
        result = subprocess.run(
            [pinme] + args_list,
            capture_output=True, text=True, timeout=timeout,
            env=env_with_npm_bin(),
Confidence
69% confidence
Finding
result = subprocess.run( [pinme] + args_list, capture_output=True, text=True, timeout=timeout, env=env_with_npm_bin(), input=input_text,

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        return False, f"npm install failed: {e}"
    if r.returncode != 0:
        try:
            r2 = subprocess.run(
                ["npm", "install", "-g", "pinme"],
                capture_output=True, text=True, timeout=180,
            )
Confidence
90% confidence
Finding
r2 = subprocess.run( ["npm", "install", "-g", "pinme"], capture_output=True, text=True, timeout=180, )

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Auto-installing a third-party CLI via npm gives the skill package-management and code-execution capability beyond its stated purpose. In context, this is dangerous because the skill handles local files and AppKeys, so a malicious or compromised package could exfiltrate data or credentials immediately.
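What "preinstall and verify the PinMe CLI yourself" looks like in code, as an added example that is not part of the skill or of PinMe: the resolver below fails closed when the binary is missing instead of shelling out to npm install, and compares the resolved binary against a SHA-256 the operator recorded after inspecting the package. The function names, the search-directory argument, and the stand-in binary built in demo() are this example's own assumptions.

```python
# Added example (not the skill's own code): locate a preinstalled PinMe CLI
# instead of auto-installing it, and check it against a hash the operator
# recorded after verifying the package themselves.
import hashlib
import os
import shutil
import stat
import tempfile
from typing import Optional


class CliNotTrusted(RuntimeError):
    """Raised when the CLI is missing or does not match the pinned hash."""


def sha256_of(path: str) -> str:
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def resolve_cli(name: str, search_dirs: list, expected_sha256: Optional[str]) -> str:
    """Return the real path of `name` found in `search_dirs`, failing closed.

    Unlike the audited code, a missing binary is an error for the operator to
    fix (install and verify it yourself), never a trigger to run `npm install`.
    If `expected_sha256` is given, the resolved file must match it before use.
    """
    found = shutil.which(name, path=os.pathsep.join(search_dirs))
    if found is None:
        raise CliNotTrusted(
            f"{name} not found in {search_dirs}; preinstall it and verify "
            "the package before using this skill"
        )
    real = os.path.realpath(found)  # follow the npm launcher symlink, if any
    if expected_sha256 is not None:
        actual = sha256_of(real)
        if actual != expected_sha256.lower():
            raise CliNotTrusted(
                f"{real} sha256 {actual} does not match pinned {expected_sha256}"
            )
    return real


def demo() -> dict:
    """Exercise resolve_cli against a constructed stand-in binary."""
    tmp = tempfile.mkdtemp()
    # Constructed stand-in for the pinme executable; the real CLI is not needed.
    fake = os.path.join(tmp, "pinme")
    with open(fake, "w") as f:
        f.write("#!/bin/sh\necho stand-in\n")
    os.chmod(fake, os.stat(fake).st_mode | stat.S_IXUSR)
    good = sha256_of(fake)

    results = {}
    results["pinned_ok"] = resolve_cli("pinme", [tmp], good) == os.path.realpath(fake)
    try:
        resolve_cli("pinme", [tmp], "0" * 64)  # wrong pin must be refused
        results["bad_hash_rejected"] = False
    except CliNotTrusted:
        results["bad_hash_rejected"] = True
    try:
        resolve_cli("pinme", [tempfile.mkdtemp()], good)  # empty dir: no install
        results["missing_refused"] = False
    except CliNotTrusted:
        results["missing_refused"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The hash pins only the entry script that os.path.realpath resolves to (for a global npm install the launcher in the bin directory is normally a symlink into the package's directory), not the rest of the package tree or its dependencies, so the operator still has to review the package contents before recording the hash. The point of the example is the control flow: a missing or mismatched CLI stops the skill, it never triggers a download.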

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The code claims the `PINME_APPKEY` environment override does not persist, but it actually writes that key into the PinMe CLI configuration when not already configured. This violates user expectations for ephemeral secret handling and can leave credentials stored on disk or in external tool state after a one-shot run.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match common requests like 'upload this file' or 'give me a public link,' which increases the chance of accidental invocation. In this skill, unintended invocation is more dangerous because the action publishes local files or directories to a public, effectively permanent IPFS-backed service.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
`cmd_show_appkey` returns CLI appkey output and local configuration status without a strong warning that the result may expose credential material or masked-secret metadata to callers and logs. In an agent context, even partially revealed secrets and their presence can be sensitive and may be surfaced to untrusted users or systems.
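The two AppKey findings (persisting the PINME_APPKEY override, and cmd_show_appkey returning appkey output without a warning) can be addressed together. The following is an added example, not the skill's or PinMe's code: the key reaches the CLI through the child process environment only, CLI output is redacted before it is returned, and the status function reports presence and a masked suffix rather than the value. The config path ~/.pinme/config.json and its JSON layout, persisting_run as a reconstruction of the behaviour the finding describes, and the Python one-liner standing in for the CLI are all assumptions of this example.

```python
# Added example (not the skill's own code): keep PINME_APPKEY ephemeral, redact
# appkey material from CLI output, and check afterwards that nothing persisted.
import json
import os
import re
import subprocess
import sys
import tempfile
from typing import Optional


def config_path(home: str) -> str:
    """Assumed CLI config location; the real PinMe path is not known from the audit."""
    return os.path.join(home, ".pinme", "config.json")


def persisting_run(cmd: list, appkey: str, home: str) -> subprocess.CompletedProcess:
    """Reconstruction of the reported pattern: stores the env-provided key on disk."""
    cfg = config_path(home)
    if not os.path.exists(cfg):
        os.makedirs(os.path.dirname(cfg), exist_ok=True)
        with open(cfg, "w") as f:
            json.dump({"appkey": appkey}, f)  # secret now outlives the run
    env = {**os.environ, "HOME": home, "PINME_APPKEY": appkey}
    return subprocess.run(cmd, capture_output=True, text=True, env=env, timeout=30)


def ephemeral_run(cmd: list, appkey: str, home: str) -> subprocess.CompletedProcess:
    """Hardened form: the key exists only in the child's environment."""
    env = {**os.environ, "HOME": home, "PINME_APPKEY": appkey}
    return subprocess.run(cmd, capture_output=True, text=True, env=env, timeout=30)


def mask_secret(value: Optional[str], keep: int = 4) -> str:
    """Show at most the last `keep` characters; enough to recognise, not to use."""
    if not value:
        return "<none>"
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


_KEY_RE = re.compile(r"(?i)(appkey\s*[:=]\s*)(\S+)")


def redact_output(text: str) -> str:
    """Mask any `appkey=<value>` fragment before output reaches callers or logs."""
    return _KEY_RE.sub(lambda m: m.group(1) + mask_secret(m.group(2)), text)


def show_appkey_status(home: str) -> dict:
    """Report presence and a masked suffix only, with an explicit warning."""
    env_key = os.environ.get("PINME_APPKEY")
    cfg = config_path(home)
    stored = None
    if os.path.exists(cfg):
        with open(cfg) as f:
            stored = json.load(f).get("appkey")
    present = bool(env_key or stored)
    return {
        "env_override": mask_secret(env_key) if env_key else None,
        "stored_on_disk": stored is not None,
        "stored_masked": mask_secret(stored) if stored else None,
        "warning": ("appkey material is configured; do not forward this output "
                    "to untrusted callers or logs") if present else None,
    }


def demo() -> dict:
    """Run both patterns against a constructed stand-in CLI and compare."""
    home = tempfile.mkdtemp()
    key = "sk_constructed_0123456789abcdef"  # constructed sample key
    # Stand-in for the pinme CLI: echoes the key it received, as a leaky
    # `show appkey` subcommand might.
    echo_cmd = [sys.executable, "-c",
                "import os; print('appkey=' + os.environ.get('PINME_APPKEY', ''))"]
    out = {}
    r = ephemeral_run(echo_cmd, key, home)
    out["child_saw_key"] = r.stdout.strip() == "appkey=" + key
    out["nothing_persisted"] = not os.path.exists(config_path(home))
    out["redacted"] = redact_output(r.stdout.strip())
    persisting_run(echo_cmd, key, home)
    out["persisted_by_old_pattern"] = os.path.exists(config_path(home))
    out["status"] = show_appkey_status(home)
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

show_appkey_status is the post-test check from the overview: if stored_on_disk is true after a one-shot run, the skill or CLI persisted a credential and it should be logged out or removed. Masking with a short suffix is a trade-off; it lets an operator tell two keys apart without putting a usable secret into agent transcripts.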

VirusTotal

0 of 64 vendors flagged this skill; all 64 reported it clean.
