Back to skill

Security audit

Expiring Local Fileshare

Security checks across malware telemetry and agentic risk

Overview

This is a real local file-sharing skill, but it exposes selected files over the network and leaves active share tokens in a predictable temporary log.

Review before installing, especially on shared machines or VPN-connected networks. Only share files you intentionally want reachable, prefer short or one-time links, stop the printed server PID when finished, and be aware the active tokenized link may be readable from a predictable /tmp log while the share is running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Low
Confidence
89% confidence
Finding
The header comment says the server is 'LAN-only (192.168.0.0/24)', but the implementation actually allows localhost plus all RFC1918 private IPv4 ranges: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. This is a real security-relevant documentation mismatch because operators may rely on the narrower stated scope and unintentionally expose files to a broader set of VPN or internal-network clients than expected.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The `read_when` triggers are broad enough that the skill may activate for generic requests like 'link' or 'open/view a file', causing file-sharing functionality to be surfaced when the user did not explicitly ask to expose a local file over HTTP. In a skill that creates network-accessible links to local files, overbroad activation increases the chance of unintended disclosure of sensitive workspace content.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents HTTP-based sharing and gives an example for `~/secrets.txt`, but it does not present a prominent user-facing warning that links expose file contents to anyone on the reachable local/VPN network who has the token until expiry. This can normalize sharing sensitive files and lead users to expose confidential workspace data without understanding the risk boundary.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This script launches a background HTTP file-sharing server and returns a share link, but it does not present a prominent warning or explicit confirmation that a local file is being exposed over the network. In the context of an agent skill, this increases the risk of accidental data exposure, especially because the script auto-selects a port, starts in the background, and relies on the companion Node script to enforce network and token restrictions correctly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.