Back to skill

Security audit

Zipsa

Security checks across malware telemetry and agentic risk

Overview

Zipsa appears purpose-built for privacy protection, but it asks users to trust an unspecified local gateway with very sensitive data and describes persistence and external alert forwarding without enough controls.

Install only if you can verify the Zipsa server source and configuration. Before using it with real PII, health records, credentials, or business secrets, confirm the gateway is bound to a trusted local endpoint, review logging and retention settings, disable or restrict external alert forwarding unless needed, and test that cloud-bound prompts are actually redacted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly shows sensitive personal and health data being transformed and partially routed to a cloud provider, but it does not clearly warn users that de-identified or abstracted prompts may still carry privacy, regulatory, or re-identification risk. In a privacy-focused skill, this omission is especially dangerous because users may overtrust the system and send highly sensitive data under the assumption that cloud exposure is fully eliminated.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The design explicitly sends detection and incident data to external channels such as Slack, Teams, email, Webhook, and SIEM, while the same document shows those events can contain user identifiers, detection types, target AI service, and endpoint IDs. In a privacy gateway context, forwarding rich security events without explicit minimization, redaction, or administrator warnings can leak sensitive personal or internal security data to third-party systems and broaden the exposure surface.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
Real-time SIEM and Webhook forwarding of audit or detection logs can export sensitive operational metadata outside the local privacy boundary that Zipsa is supposed to protect. Because this skill is specifically marketed as a local-first privacy gateway for highly sensitive data, undocumented external sharing of logs is more dangerous than in a generic monitoring product and may undermine user expectations and compliance posture.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.