Security audit

Multisage

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can automatically look through local environment files for an API key and may send ordinary prompts to an external multi-AI service too broadly.

Install only if you trust the Multisage CLI and are comfortable sending prompts to Multisage and downstream AI providers. Configure MULTISAGE_API_KEY through a deliberate secret or environment setup, avoid grepping or printing .env files, and do not use this skill with secrets, private code, regulated data, or costly deep research unless you explicitly intend to share that content and spend the credits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The skill explicitly tells the agent to inspect shell state and local files like .env and ~/.env to locate an API key, then reuse it automatically. That exceeds the narrow purpose of answering a user query and can expose or repurpose credentials from the host environment without clear user consent, which is especially risky because this skill runs with Bash access.

Vague Triggers

Medium
Confidence: 82%
Finding
The invocation guidance includes broad phrases like wanting multiple perspectives or comprehensive analysis, which could cause the skill to trigger during ordinary conversation rather than from a clear request. Because the skill sends prompts to an external service, over-broad activation increases the chance of unintended data disclosure and unnecessary third-party calls.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill description emphasizes better answers but does not prominently warn that user questions are transmitted to external AI providers, including multiple providers in parallel. This weakens informed consent and can lead to accidental disclosure of sensitive prompts to third parties.

Ssd 3

Medium
Confidence: 99%
Finding
The skill directs the agent to read environment files and shell variables to discover a MULTISAGE_API_KEY and use it automatically. This can expose credentials that were provisioned for another workflow or outside the current task, turning the skill into a credential-harvesting and reuse mechanism rather than a simple query tool.

VirusTotal

64/64 vendors flagged this skill as clean.
