Back to skill

Security audit

WrynAI Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent WrynAI web-crawling helper with expected third-party API use and a limited local screenshot file side effect.

Install only if you are comfortable sending target URLs, search queries, page contents, and screenshots to WrynAI. Avoid using it on private, internal, regulated, or secret-bearing pages without approval, verify the wrynai package source, use a revocable API key, and remove or rename screenshot.png when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The screenshot helper is documented as capture-oriented but also persists the returned image bytes to a local file, creating an unannounced side effect. In an agent skill, this can surprise operators, leave sensitive page captures on disk, and increase the risk of unintended local data retention or later disclosure.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill repeatedly sends user-supplied URLs, search queries, and retrieved page content to the WrynAI third-party service, but the markdown does not warn users about that external transmission. This is dangerous because operators may use the skill on internal, sensitive, or proprietary targets without realizing data leaves their environment.

Missing User Warnings

Low
Confidence
96% confidence
Finding
The screenshot section omits a clear warning that image data is decoded and written to a local file named screenshot.png. This can lead to unexpected persistence of potentially sensitive visual content from crawled pages, especially in shared or ephemeral execution environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.