Security audit

AKY-ES

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly an Elasticsearch helper, but its local-only framing conflicts with documented automatic fallback to Elastic Cloud, which could send saved notes or documents off the machine.

Install only if you are comfortable with the skill using Elastic Cloud when local Elasticsearch is unreachable. Before storing sensitive notes, reports, or memory data, verify ES_URL and credential variables, confirm where data will be indexed, and disable or avoid cloud fallback if you expected strictly local storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
96% confidence
Finding
The skill is presented as a local-only Elasticsearch capability, but the documented behavior silently falls back to Elastic Cloud when localhost is unavailable. That creates an unexpected data egress path where documents intended for local storage may be transmitted to a remote service using configured credentials, violating user expectations and potentially exposing sensitive data.

Context-Inappropriate Capability

Medium
94% confidence
Finding
The environment variables document a remote endpoint and credential-based access that are not necessary for the stated local-only purpose. In combination with the fallback behavior, this enables transparent redirection of indexing and search operations to a remote Elastic Cloud deployment, expanding the trust boundary and increasing the risk of unauthorized disclosure or persistence of sensitive data.

Missing User Warnings

Medium
92% confidence
Finding
The documentation does not clearly warn that operations may be sent to Elastic Cloud when localhost is unreachable. This omission is security-relevant because users may store sensitive notes, reports, or memory data under the assumption that all data remains on the local machine, leading to accidental external transmission.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.