Security audit

mdstr

Security checks across malware telemetry and agentic risk

Overview

The skill is a straightforward markdown-to-JSON helper, with an optional API example that users should treat as sending selected file contents to OpenAI.

Before installing, verify that the npm package `mdstr` is the package you intend to run. Use the OpenAI/curl example only with markdown files you are comfortable sending to that API under your account, and review or redact sensitive prompts, credentials, private docs, or internal notes first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill includes an example that sends markdown-derived prompt content to an external API but does not warn that the file contents will leave the local environment. In an agent/tooling context, users may run examples on sensitive prompt files, docs, or internal instructions without realizing they are being transmitted to a third party.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
SYSTEM_PROMPT=$(mdstr system-prompt.md)
curl -s https://api.openai.com/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -d "$(jq -n --argjson prompt "$SYSTEM_PROMPT" '{
```
Confidence
74% confidence
Finding
```bash
curl -s https://api.openai.com/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -d
```

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
SYSTEM_PROMPT=$(mdstr system-prompt.md)
curl -s https://api.openai.com/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -d "$(jq -n --argjson prompt "$SYSTEM_PROMPT" '{
```
Confidence
74% confidence
Finding
https://api.openai.com/

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.