Security audit

i18ncheck

Security checks across malware telemetry and agentic risk

Overview

This is a local i18n scanning tool whose hook-install and baseline features are disclosed but change the repository, so users should run them deliberately.

Install if you want a local i18n scanner, but treat `i18ncheck hook install` and `i18ncheck baseline` as repository-changing commands. Review any generated `lefthook.yml` or `.i18ncheck-baseline.json`, keep the license key private, and remember that allowlists or baselines can hide known findings from later scan output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill documentation indicates file-writing behavior such as installing git hooks and creating repository files, but the metadata does not declare corresponding permissions. This weakens transparency and consent boundaries: users or orchestrators may invoke a skill believing it is read-only when it can modify the local repo or hook execution path.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 80%
Finding: The advertised purpose is an i18n scanner, but the skill also performs license handling, config access, repository hook installation, watch mode, CI integration, and baseline file management. While these features may be product-related rather than malicious, the mismatch increases the chance of users invoking broader system-changing behavior than expected.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding: The script reads a per-user config file from $HOME (~/.openclaw/openclaw.json) to influence allowlist behavior, even though its stated purpose is local i18n scanning. This creates an unnecessary trust boundary crossing: results can be silently altered by ambient user-specific state outside the scanned project, reducing scan integrity and potentially hiding findings.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The hook-install flow modifies the repository by copying config and installing a pre-commit hook, yet the markdown does not prominently warn that this changes project behavior on future commits. Silent or poorly disclosed hook installation can surprise users, disrupt workflows, and create a persistence mechanism inside the repo.

Missing User Warnings

Severity: Low
Confidence: 81%
Finding: The baseline command creates `.i18ncheck-baseline.json` in the repository but does not clearly warn the user that a new tracked file may be added. This is a smaller issue than hook installation, but it still represents undisclosed filesystem mutation that can affect commits and repository state.

VirusTotal

66/66 vendors flagged this skill as clean.