Back to skill

Security audit

Felo LiveDoc

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned, but it can upload content and delete remote Felo knowledge-base data without clear confirmation safeguards.

Install only if you intend to use Felo as an external knowledge-base service. Use a revocable Felo API key, review the bundled script before running it, avoid uploading secrets or regulated/private documents unless approved, and require explicit confirmation before any delete or bulk update command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly promotes create, update, delete, upload, and retrieval operations against a remote Felo API, but it does not warn users that invoking the skill can modify remote knowledge bases or transmit uploaded documents and URLs off-box. In an agent-skill context, missing disclosure increases the risk of unintended destructive actions and accidental exfiltration of sensitive content because users may treat the skill as a local documentation helper rather than a networked data-management tool.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents delete operations for LiveDocs and resources and instructs immediate execution, but provides no confirmation, preview, or warning before destructive actions. In an agent context, this increases the chance of accidental or overly broad deletion caused by ambiguous user requests or mis-resolved identifiers.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill encourages uploading documents, adding URLs, and running semantic retrieval against an external Felo service, but does not warn that user-provided content and queries will be transmitted off-platform. This can lead to unintended disclosure of sensitive documents, internal URLs, or confidential search terms.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/run_livedoc.mjs:207