Security audit

Code Snippet

Security checks across malware telemetry and agentic risk

Overview

This is a simple local code-snippet manager with expected local storage and optional clipboard copying, with no evidence of hidden network access or deceptive behavior.

Install only if you are comfortable with code snippets being stored locally in ~/.code_snippets.json and optionally copied to your clipboard. Avoid storing passwords, API keys, credentials, or highly sensitive proprietary code as snippets unless that local persistence is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding:
The skill documentation shows operational capabilities that imply reading files, writing stored snippets, and invoking shell commands, but it declares no permissions. That creates a transparency and consent problem: users and the platform cannot accurately assess what resources the skill may access, and under-declared capabilities can hide risky behavior behind a benign description.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 76%
Finding:
The stated purpose is a snippet manager, but the behavior includes deletion and clipboard copying that are not clearly disclosed in the description. Undisclosed destructive or system-interacting actions increase user surprise and can be abused or triggered without informed consent, especially when handling developer content that may include secrets or proprietary code.

Vague Triggers

Severity: Medium
Confidence: 71%
Finding:
Broad trigger phrases such as generic developer terms can cause the skill to activate during ordinary conversation rather than deliberate invocation. Accidental activation is risky here because the skill can operate on user-provided code and potentially perform file or clipboard-related actions without clear intent.

VirusTotal

57/57 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.