Security audit

Research Logger

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it says, but it has under-disclosed file and note persistence behavior users should review before installing.

Install only if you are comfortable with the skill sending research topics to external search/GIF tools and creating persistent Bear notes. Avoid sensitive topics or templates until the /tmp copy behavior is fixed, template paths are constrained, and the grizzly dependency is pinned.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Missing User Warnings

Low

Confidence: 91% confidence
Finding: The skill description and quick-start flow do not clearly warn users that running the skill will read a local workspace template file and create notes in Bear. This is a real transparency and consent issue: a user may invoke the skill expecting passive research assistance, but it performs local file reads and writes to an external notes application, which can surprise users and lead to unintended disclosure or modification of personal note data.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: User-supplied research topics are sent to external services via web_search, web_fetch, and gifgrep without any explicit privacy notice, consent gate, or data classification check. If users provide sensitive internal topics, project names, credentials, or regulated data, the skill could leak that information to third-party providers and create unintended records outside the local environment.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script writes generated note content to Bear and, on failure, falls back to /tmp/research_${TOPIC// /_}.md without warning or secure file handling. /tmp is a shared, predictable location on many systems, which can expose sensitive note contents to other local users, backups, or opportunistic reads, especially if the topic or summary contains confidential material.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal