Security audit

技能使用记录与统计（Nicki）

Security checks across malware telemetry and agentic risk

Overview

This is a local skill-usage tracker, but it asks for automatic session-history scanning and persistent activity logging without clear user controls.

Review before installing. Use only if you are comfortable with automatic local tracking of skill activity and possible session-history inspection; prefer explicit opt-in logging, a clear disable/delete mechanism, and narrow event-based records instead of background history scanning.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (6)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 83% confidence
Finding: The skill describes persistent usage logging to a local JSON file but does not declare corresponding permissions. Undeclared write capability reduces transparency and prevents proper review of what data is stored, especially since the skill claims automatic operation without user action.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 88% confidence
Finding: The skill promises automatic tracking with no user action, but the described implementation does not clearly provide a trustworthy automatic trigger and instead relies on vague heartbeat/session scanning. This mismatch is dangerous because users and reviewers may consent to behavior they do not accurately understand, including hidden collection or unreliable logging.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill claims it will automatically track all skill invocations without clearly defining when tracking runs, what counts as a tracked event, or what boundaries apply. Ambiguous automatic collection semantics can enable broader-than-expected monitoring of user activity and make it difficult to assess privacy impact.

Missing User Warnings

High

Confidence: 95% confidence
Finding: The skill explicitly documents automatic session-history scanning and persistent storage of usage records, yet gives no privacy notice, consent mechanism, retention period, or data handling limits. Because session history can contain user-associated activity metadata, undisclosed collection and retention create meaningful privacy and compliance risk.

Ssd 3

Medium

Confidence: 92% confidence
Finding: Automatic session-history scanning to infer and log skill usage can collect user interaction data without explicit consent. Even if the logged schema appears minimal, the act of scanning and retaining user-associated activity metadata introduces privacy exposure and can normalize hidden surveillance behavior within the agent environment.

Ssd 3

Medium

Confidence: 90% confidence
Finding: The headline promise of automatic tracking of all skill calls without user action encourages undisclosed retention of activity data tied to user interactions. In this skill context, the danger is increased because the feature is framed as frictionless and installed-by-default behavior, which lowers the chance of meaningful user awareness or consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.