Security audit

Skill Usage Records and Statistics (Nicki)

Security checks across malware telemetry and agentic risk

Overview

This is a local skill-usage tracker, but it asks for automatic session-history scanning and persistent activity logging without clear user controls.

Review before installing. Use only if you are comfortable with automatic local tracking of skill activity and possible session-history inspection; prefer explicit opt-in logging, a clear disable/delete mechanism, and narrow event-based records instead of background history scanning.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill describes persistent usage logging to a local JSON file but does not declare corresponding permissions. Undeclared write capability reduces transparency and prevents proper review of what data is stored, especially since the skill claims automatic operation without user action.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill promises automatic tracking with no user action, but the described implementation does not clearly provide a trustworthy automatic trigger and instead relies on vague heartbeat/session scanning. This mismatch is dangerous because users and reviewers may consent to behavior they do not accurately understand, including hidden collection or unreliable logging.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill claims it will automatically track all skill invocations without clearly defining when tracking runs, what counts as a tracked event, or what boundaries apply. Ambiguous automatic collection semantics can enable broader-than-expected monitoring of user activity and make it difficult to assess privacy impact.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill explicitly documents automatic session-history scanning and persistent storage of usage records, yet gives no privacy notice, consent mechanism, retention period, or data handling limits. Because session history can contain user-associated activity metadata, undisclosed collection and retention create meaningful privacy and compliance risk.

Ssd 3

Medium
Confidence
92% confidence
Finding
Automatic session-history scanning to infer and log skill usage can collect user interaction data without explicit consent. Even if the logged schema appears minimal, the act of scanning and retaining user-associated activity metadata introduces privacy exposure and can normalize hidden surveillance behavior within the agent environment.

Ssd 3

Medium
Confidence
90% confidence
Finding
The headline promise of automatic tracking of all skill calls without user action encourages undisclosed retention of activity data tied to user interactions. In this skill context, the danger is increased because the feature is framed as frictionless and installed-by-default behavior, which lowers the chance of meaningful user awareness or consent.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.