Back to skill

Security audit

Portable Tools

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate portability guide, but it repeatedly encourages users to expose real OAuth/keychain token values during debugging.

Review before installing or following the examples. The checklist script itself looks limited, but users should not paste, print, screenshot, or log real access tokens, refresh tokens, keychain password output, or raw credential JSON. Use redacted prefixes/suffixes, lengths, hashes, field-presence checks, and expiry timestamps instead.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill contains shell command examples that access sensitive system stores and files, but it declares no permissions or equivalent warning/metadata. That mismatch can cause downstream systems or users to underestimate what the skill may prompt them to run, increasing the chance of unsafe execution or review bypass.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation shows token-like values in BEFORE/AFTER examples and frames success as proving token changes with exact values. Even if illustrative, this normalizes copying, exposing, or logging secrets into chat, terminals, screenshots, or docs where they may be retained or leaked.

Missing User Warnings

High
Confidence
98% confidence
Finding
These debugging instructions explicitly ask the user to reveal exact values and identify which keychain entries contain tokens, without any safeguard about redaction. This creates a direct credential disclosure risk because users may paste live secrets from password stores into logs, chats, or issue trackers.

Missing User Warnings

High
Confidence
97% confidence
Finding
The real-world example retrieves keychain data, validates it, and logs account selection/errors around credential-bearing content, but the surrounding documentation provides no warning against exposing secrets during troubleshooting. In this context, readers are encouraged to operate directly on live credential stores and may inadvertently print or share sensitive data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal, suspicious.generated_source_template_injection

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:51

User-controlled placeholder is embedded directly into generated source code.

Critical
Code
suspicious.generated_source_template_injection
Location
SKILL.md:132