Back to skill

Security audit

meeting-minutes-retriever

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but its Windows folder-listing helper can turn a supplied folder path into unintended PowerShell commands.

Review before installing, especially on Windows. Use only trusted meeting-note paths and URLs, avoid pointing it at broad sensitive directories or internal network resources, and prefer a fixed version that uses Python-only file enumeration and adds clearer consent and path/URL boundaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
system_name = platform.system().lower()
    if system_name == "windows":
        command = _build_windows_command(location, recursive)
        output = subprocess.run(
            command,
            capture_output=True,
            text=True,
Confidence
98% confidence
Finding
output = subprocess.run( command, capture_output=True, text=True, encoding="utf-8", errors="replace", check=True,

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly instructs reading local files, fetching URLs, and using OS-level system commands for directory listing, but no declared permissions or trust boundaries are documented. That mismatch is dangerous because it can enable unexpected access to sensitive local data, outbound network retrieval, and shell invocation without clear user consent or platform mediation.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill uses OS-native subprocesses for a task that can be fully handled in Python, unnecessarily expanding the capability surface from file enumeration to command execution. That broader primitive materially increases risk, especially because one branch is actually vulnerable to PowerShell command injection and the skill processes user-provided local paths.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill is designed to accept arbitrary local file paths, directory paths, and URLs, yet it provides no user-facing privacy or data exposure warning. In context, this is more dangerous because meeting minutes commonly contain confidential business discussions, decisions, participants, and action items, so broad read capability can expose sensitive local or remote content beyond what a user may realize.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.