Security audit

Byted Security SkillsScanner

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Volcengine skill scanner, but it can upload full local skill contents and use cloud credentials with limited privacy safeguards.

Install only if you are comfortable sending the selected skill or archive to Volcengine or another configured scan endpoint. Use a dedicated least-privilege Volcengine key, review the target directory for secrets or proprietary data first, avoid untrusted archives, and be aware that small uploads may be echoed in terminal or CI logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%

Finding: The script packages user-specified local content and uploads it to a scanning endpoint, which means workspace skill contents are exfiltrated to another service for analysis. Even if this is the intended architecture, the skill description does not clearly disclose that scanning is remote, so users may unintentionally send proprietary code or secrets off-host.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%

Finding: The script reads cloud credentials from environment variables and uses them to sign outbound requests, a privileged capability beyond what the skill description says. This expands the trust boundary: a skill that appears to only scan files can also access and use sensitive credentials present in the agent environment.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding: The README explicitly instructs users to package an entire skill directory and upload it to a remote Volcengine scanning service, but it does not clearly warn that the package may contain sensitive data such as embedded secrets, proprietary prompts, internal documentation, or user data. Because this is a security-scanning skill, users may be more likely to trust it and submit third-party skills wholesale, increasing the chance of unintended data exfiltration or privacy violations.

Missing User Warnings

Severity: Medium
Confidence: 96%

Finding: Local skill contents are uploaded for remote scanning without any visible warning, confirmation, or data-classification check. In a security-scanning context this is especially risky because skills may contain prompts, code, tokens, or internal business logic that users expect to remain local.
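The overview recommends reviewing the target directory for secrets before anything is packaged, and the two Missing User Warnings findings note that the skill performs no such data-classification check itself. The following is an added example of that pre-upload review, written for this audit page; it is not the SkillsScanner's own code. The secret patterns, the sensitive file-name list, and the throwaway demo directory it builds are illustrative assumptions (the AKIA... value is the example access key ID from AWS documentation, not a live credential).

```python
# Added example (not the SkillsScanner's code): review a skill directory for
# embedded secrets and sensitive files locally, before it is packaged and sent
# to any remote scan endpoint. Patterns and file names below are assumptions.
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Heuristic content patterns. The AWS rule matches the documented AKIA... form;
# the generic rule catches KEY=value style assignments with a long literal.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"
    ),
    "generic_credential_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret(?:[_-]?key)?|access[_-]?key|token|password)\b"
        r"\s*[:=]\s*['\"]?[A-Za-z0-9_\-/+=]{16,}"
    ),
}

# Files that are sensitive regardless of what they contain.
SENSITIVE_FILENAMES = {".env", ".npmrc", ".pypirc", "credentials", "id_rsa", "id_ed25519"}
SENSITIVE_SUFFIXES = {".pem", ".key", ".p12", ".pfx"}
MAX_FILE_BYTES = 1_000_000  # skip large blobs; they are also the likeliest binaries


def scan_file(path: Path, root: Path) -> list[dict]:
    """Return one finding per (rule, line) hit. Findings carry the path, rule
    and line number only, never the matched value, so they are safe to log."""
    findings = []
    rel = str(path.relative_to(root))
    if path.name in SENSITIVE_FILENAMES or path.suffix in SENSITIVE_SUFFIXES:
        findings.append({"file": rel, "rule": "sensitive_filename", "line": 0})
    if path.stat().st_size > MAX_FILE_BYTES:
        return findings
    try:
        text = path.read_text(encoding="utf-8", errors="strict")
    except (UnicodeDecodeError, OSError):
        return findings  # binary or unreadable: report nothing rather than guess
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append({"file": rel, "rule": rule, "line": lineno})
    return findings


def scan_skill_dir(root) -> list[dict]:
    """Walk the skill directory (skipping .git) and collect all findings."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if ".git" in path.relative_to(root).parts:
            continue
        findings.extend(scan_file(path, root))
    return findings


def safe_to_upload(root) -> bool:
    """Gate: only package and upload when the local review is clean."""
    return not scan_skill_dir(root)


def build_demo_skill(with_secrets: bool = True) -> Path:
    """Construct a throwaway skill directory for the demonstration (assumed
    layout). The AKIA... value is AWS's documented example access key ID."""
    root = Path(tempfile.mkdtemp(prefix="skill-demo-"))
    (root / "SKILL.md").write_text("# Demo skill\nScans things.\n")
    (root / "scripts").mkdir()
    (root / "scripts" / "run.py").write_text("import os\nprint(os.environ.get('REGION'))\n")
    if with_secrets:
        (root / "scripts" / "upload.py").write_text(
            "# TODO remove: aws_key = 'AKIAIOSFODNN7EXAMPLE'\n"
        )
        (root / ".env").write_text("API_KEY=sk_demo_0123456789abcdefghijklmnop\n")
        (root / "scripts" / "signing.pem").write_text(
            "-----BEGIN RSA PRIVATE KEY-----\nMIIE...constructed...\n"
            "-----END RSA PRIVATE KEY-----\n"
        )
    return root


if __name__ == "__main__":
    demo = build_demo_skill()
    for f in scan_skill_dir(demo):
        print(f"{f['file']}:{f['line']} {f['rule']}")
    print("safe to upload:", safe_to_upload(demo))
```

Run it against the real skill directory instead of the demo and refuse to package when safe_to_upload is false. Two caveats a practitioner should keep in mind: the patterns are heuristics, so a clean result rules out only the obvious cases and does not replace reading the directory; and the findings deliberately omit the matched value, which matters because, as the overview notes, anything this tooling prints may end up echoed in terminal or CI logs.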

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.