Back to skill

Security audit

GEO Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends user-chosen brand-monitoring prompts to named AI providers and optionally saves a local report.

Install only if you are comfortable sending the selected prompts and brand or competitor names to external AI providers under your API keys. Avoid secrets, personal data, regulated data, or confidential strategy in prompts; set API spending limits; review any scheduled runs; and save generated reports only in locations appropriate for potentially sensitive audit data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill advertises and instructs use of capabilities that access environment variables, read/write files, and perform network requests, but it does not declare any permissions or trust boundaries. This creates a transparency and policy-enforcement gap: users and host systems cannot accurately assess what the skill will access, and scheduled execution amplifies the risk of undisclosed data access or exfiltration.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly states that prompts are sent to third-party AI engines via their APIs, but it does not warn users that prompts may contain proprietary business data, customer information, or other sensitive content. In a GEO auditing tool, users are likely to submit internal brand strategy, competitor analysis, and prompt libraries at scale, so the lack of privacy and data-handling guidance increases the chance of unintended disclosure to external providers.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is designed to send user-provided brand names, prompts, competitor data, and audit content to multiple third-party AI providers, yet it does not warn users that this data will leave the local environment. In a marketing/audit context, prompts may contain sensitive business strategy, customer data, or confidential competitive research, so undisclosed transmission to external services presents a real privacy and compliance risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends each prompt and brand/competitor query to external AI services without any explicit disclosure, confirmation, or redaction step. In this skill’s context, prompts may contain sensitive business strategy, customer data, or unreleased competitive research, so silent network transmission creates a real confidentiality risk even if it is expected behavior for the tool.

Missing User Warnings

Low
Confidence
87% confidence
Finding
When --output is used, the tool writes a markdown report containing raw prompts, brands, and full engine responses to disk without warning the user that potentially sensitive audit inputs and third-party outputs will be stored. This can expose confidential marketing plans or internal research to other local users, backups, or downstream systems that ingest the report.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends user-supplied queries to external AI providers without any explicit notice, consent flow, or data-classification guardrails. If operators include sensitive business data, customer information, or internal strategy in prompts, that data is transmitted to third-party services and may be logged or retained under those providers' policies.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.