Security audit

Ai Provider Bridge

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward AI-provider bridge, but users should understand that non-Ollama providers receive prompt and conversation data.

Install only if you intend to use an AI API bridge. Use Ollama for local-only processing, and treat Anthropic, OpenAI, Google, xAI, and Mistral as external services that may receive prompts, conversation history, and system prompts. Do not send secrets, regulated data, or proprietary content to a cloud provider unless that provider is approved for your use case.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 97%
Finding: The README states that the software processes and stores data locally and does not transmit data externally unless explicitly configured by the user, but the documented normal usage for Anthropic, OpenAI, Google, xAI, and Mistral necessarily sends prompts and possibly sensitive data to third-party cloud APIs. This mismatch can mislead users into exposing confidential data under a false expectation of local-only handling, especially since only Ollama is actually local by default.

Missing User Warnings

Medium
Confidence: 95%
Finding: The README promotes seamless switching among cloud and local providers but does not clearly warn that selecting a cloud provider sends user prompts/data to external services. In a tool designed as a provider abstraction layer, that omission increases the chance that developers treat all backends as equivalent and accidentally route sensitive information to third parties.

Missing User Warnings

Medium
Confidence: 93%
Finding: The documentation encourages use of multiple cloud AI providers but does not clearly and prominently warn that prompts, system prompts, and other user-supplied data will be transmitted to third-party services when non-local providers are selected. In a bridge skill whose main purpose is swapping between local and cloud backends, this omission can mislead users into exposing sensitive workspace or conversational data under the assumption that processing is local or privacy-neutral.

Missing User Warnings

Medium
Confidence: 87%
Finding: The bridge sends full conversation history and the system prompt to third-party AI providers (Anthropic, OpenAI, Google, xAI, and Mistral) with no built-in consent gate, warning, redaction, or provider-specific privacy control. In a reusable skill intended to abstract provider switching, this creates a real data exposure risk because users or downstream developers may unknowingly route sensitive prompts, secrets, or personal data off-host simply by changing the model configuration.

VirusTotal

66/66 vendors flagged this skill as clean.