Back to skill

Security audit

Toani Vault CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed helper for the Toani Vault CLI, with sensitive token and sandbox capabilities that fit its stated purpose but require careful use.

Install only if you intend to use Toani Vault and trust the external npm CLI package. Avoid copying unrelated secrets during login, keep sandbox actions tied to explicit requests, verify target URLs before credential-backed actions, and decline optional Claude/Codex skill installation unless you want persistent Toani instructions there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.