WikiLocal Personal Knowledge Wiki

Security checks across malware telemetry and agentic risk

Overview

This is a local personal-wiki skill that stores user-created notes on disk, with no evidence of hidden network use, credential access, or deceptive behavior.

Install this if you want an agent-managed local wiki and are comfortable with it creating and overwriting Markdown files in its wiki folder. Use a dedicated folder, keep backups, and avoid storing passwords, tokens, or highly sensitive material unless you intentionally want that information persisted locally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The skill’s activation and action examples are broad and conversationally phrased, without clear trigger boundaries, confirmation requirements, or separation between ordinary dialogue and state-changing wiki commands. In an agent setting, this can cause unintended writes, updates, or linking from ambiguous user text or quoted content, increasing the risk of prompt/command confusion and unauthorized knowledge-base modification.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal