Security audit

1password

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed 1Password CLI helper; it handles sensitive secrets, but the behavior fits its stated purpose and includes basic secret-handling guardrails.

Install this only if you want an agent to help operate 1Password CLI. Keep the app locked until needed, specify the exact account, vault, and item path, and avoid commands that print unmasked secrets or write keys/configs to disk unless you intentionally requested that handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The example writes a secret directly to a local file (`--out-file ./key.pem`) without any warning about filesystem exposure. Even in documentation, this can lead users to persist sensitive material in plaintext where it may be readable by other users, captured by backups, or left behind after use.

Missing User Warnings

Medium
Confidence: 90%
Finding
The injection example creates a rendered output file (`config.yml`) that may contain resolved secrets, but the documentation gives no warning that the generated file now becomes sensitive data. This increases the chance that users will commit secret-bearing files to source control, leave them on disk, or expose them through logs and backups.

VirusTotal

63/63 vendors flagged this skill as clean.
