Security audit
Toani Vault CLI
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed helper for the Toani Vault CLI, with sensitive token and sandbox capabilities that fit its stated purpose but require careful use.
Install only if you intend to use Toani Vault and trust the external npm CLI package. Avoid copying unrelated secrets during login, keep sandbox actions tied to explicit requests, verify target URLs before credential-backed actions, and decline optional Claude/Codex skill installation unless you want persistent Toani instructions there.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
