Back to skill

Security audit

Iknowkungfu

Security checks across malware telemetry and agentic risk

Overview

This skill performs a local read-only scan of agent history and installed skills to recommend missing skills, with no evidence that it installs, changes, or sends data anywhere.

Install only if you are comfortable with a local read-only review of your agent memory, recent logs, configuration, cron context, and installed skill files. Review each recommended skill yourself before running its install command, especially if it would add network access, file writes, account actions, or credential handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill is presented as a discovery and recommendation engine, but it instructs the agent to perform a security scan across installed skill directories. That expands data access and analysis scope beyond what a user would reasonably expect from 'what skills am I missing,' creating unnecessary inspection of local files and increasing exposure to sensitive content.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The procedure directs broad inspection of all files in installed skill directories for obfuscation, env-var harvesting patterns, override phrases, and execution-related constructs. Even if framed as a 'quick scan,' this is effectively a local security review capability embedded in a recommendation skill, which materially broadens access to code and configuration without a strong functional need.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly states the skill reads workspace memory, installed skills, configuration, and recent logs, which can contain secrets, personal data, and sensitive operational context. Although it claims the process is local and read-only, the lack of a prominent upfront privacy warning and clear consent boundary means users may trigger broad local inspection without understanding the scope of data access.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The manifest description includes broad natural-language trigger phrases such as 'what skills am I missing', 'recommend skills', and 'what should I install', which can overlap with ordinary user conversation rather than an explicit command invocation. In an agent environment, this increases the chance the skill activates unintentionally, causing unnecessary scanning of local workflow artifacts like memory, logs, configs, and installed skills, which expands privacy exposure and can interfere with normal routing.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The research pattern uses very broad terms like "search," "find," "compare," and "analyze," which are common in ordinary user requests. In a skill discovery engine, this can cause over-triggering and unintended skill recommendations or workflow classification, reducing user control and potentially routing sensitive requests into the wrong capability path.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The communication pattern includes generic words such as "message," "send," "reply," and "channel," which appear frequently in normal conversation. In this skill's context, that can cause unintended invocation of communication-related recommendations and misclassification of user intent, creating noisy or privacy-impacting automation suggestions.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The writing pattern contains broad terms like "edit," "content," "draft," and "post," which can match many unrelated tasks. For a discovery engine, this increases false activations and can lead to incorrect skill recommendations, especially when the system analyzes agent behavior automatically.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The productivity pattern relies on vague everyday terms like "task," "plan," "meeting," and "project," which are common across many domains. This broad matching can make the skill discovery engine trigger on ordinary dialogue and recommend unrelated productivity skills, undermining reliability and potentially exposing more behavioral context than intended.

Vague Triggers

Low
Confidence
81% confidence
Finding
The automation pattern includes ambiguous terms like "trigger" and "workflow," which are common in technical and non-technical contexts. This is less severe than other broad categories, but it can still cause unintended activation and recommendation noise in an automatic classifier.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs reading MEMORY.md, daily memory logs, and conversation history to infer user workflows, but provides no user-facing notice that potentially sensitive personal or operational data will be accessed. This creates a privacy and transparency problem because the data sources may contain confidential details unrelated to skill recommendations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instructions tell the agent to enumerate user-installed and system skill paths and inspect local files and configuration data without clearly warning the user. This is risky because it expands local filesystem access beyond the obvious expectations of a skill recommendation feature and may reveal private configuration, code, or embedded secrets.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.