Back to skill

Security audit

Karakeep MCP-First

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Karakeep bookmark-management skill, with normal sensitive access disclosed and a small caution around administrative CLI help commands.

Install only if you want an agent to access and modify your Karakeep bookmarks. Use a limited Karakeep API key if available, avoid exposing secrets in chat or logs, and require explicit approval and backups before any dump, migrate, wipe, delete, archive, or bulk cleanup operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The manifest describes a skill for saving, searching, organizing, tagging, listing, summarizing, and highlighting Karakeep bookmarks, with CLI/API fallback when needed. Documenting bulk administrative flows such as `dump`, `migrate`, and especially `wipe` expands into instance-level administration and destructive maintenance, which is not an obvious requirement of the stated end-user bookmark-management purpose.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This markdown file includes `karakeep wipe --help` under useful fallback commands, which surfaces a potentially destructive operation. Although the file says to confirm before destructive cleanup elsewhere, this specific section does not warn that wipe-related commands may affect user data or system integrity.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.