Back to skill

Security audit

Tinker

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed bridge to the Tinker desktop CLI and its plugins, with no artifact-backed evidence of deceptive or malicious behavior.

Install this only if you use and trust the Tinker desktop app and the plugins installed in it. Running the skill may launch Tinker and let the agent operate Tinker plugins through the CLI, so review plugin capabilities before allowing sensitive actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger text is very broad and encourages activating this skill for loosely defined tasks like any work requiring programmatic control of the Tinker app or plugins. In an agent setting, broad routing can cause the skill to run in situations where launching a local desktop app, interacting with plugins, or invoking IPC-backed tooling was not the user's clear intent, increasing the chance of unintended side effects.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The skill states that Tinker will be auto-launched by the CLI if it is not already running, but the skill metadata and guidance do not present this as a user-facing caution before use. For an agent, silently causing a desktop application to start is a meaningful side effect that may surprise users, alter system state, or expose local IPC/plugin surfaces without explicit consent.

Natural-Language Policy Violations

Medium
Confidence
74% confidence
Finding
The troubleshooting instructions tell the user to select a specific Chinese-language menu item ('安装命令行工具') without checking the user's locale or providing a language-neutral alternative. This can confuse users, cause misclicks during setup, and reduce transparency when an agent is directing someone through privileged installation-related UI actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.