Back to skill

Security audit

Workopilot Service Builder

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent WorkoPilot integration helper, but it tells agents to inspect existing project config files and place API keys there, which creates an under-scoped credential-handling risk.

Install only if you are comfortable with the agent helping configure WorkoPilot credentials. Do not let it read or edit existing secret/config files automatically; prefer environment variables, a dedicated .env.workopilot file ignored by git, or a secret manager, and insert real API keys yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the agent to inspect the current project for existing configuration files such as .env, appsettings.json, or config locations and place API keys there. That expands the agent from guidance into secret discovery and modification of local sensitive files, which can expose credentials, alter unrelated application configuration, or normalize writing secrets into insecure locations.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The document says API keys must not be exposed or committed, but then tells the agent to detect project config locations and configure the API key there. This contradiction weakens secret-handling boundaries and can cause an agent to justify touching sensitive files despite the surrounding warnings, increasing the chance of accidental credential disclosure or unsafe storage.

Ssd 3

Medium
Confidence
97% confidence
Finding
Instructing the agent to inspect local project configuration files and place API keys into them creates a credential-handling hazard. In a skill that may operate over arbitrary user projects, this can lead to discovery of existing secrets, accidental disclosure in chat output, writes to tracked files, or propagation of secrets into insecure storage patterns.

Credential Access

High
Category
Privilege Escalation
Content
**应该做的:**
- 使用 `.env.workopilot` 存储本地开发配置,用于协助用户配置喔壳的各种服务
- 检测当前是否存在配置文件,比如.env appsetting.json,config等按照当前的项目配置地方来配置apikey,这个配置是用于接口调用服务时使用 
- 确保 `.gitignore` 包含 `.env.workopilot` 和 `.env.local`
- 生产环境使用环境变量或密钥管理服务(如 AWS Secrets Manager)
- 可以提交 `.env.workopilot.example` 作为模板,但只包含占位值
Confidence
95% confidence
Finding
.env

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.