Aicoo Snapshots

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears intended for note snapshot/history management, but its instructions broaden into note editing and bulk note operations without clear confirmation safeguards.

Review this skill carefully before installing. It is not showing evidence of malware or data exfiltration, but it can affect persistent note content; only use it if you are comfortable with its restore/edit workflows, and require explicit confirmation before any rollback, overwrite, bulk note operation, or direct note edit.

SkillSpector (3)

By NVIDIA

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: The skill is scoped as snapshot/history management, but the documentation includes direct note editing and bulk note enumeration workflows. That expands the effective capability of the skill beyond its declared purpose, increasing the chance an agent uses it to modify note contents or operate over many notes when the user only intended backup/versioning actions.

Vague Triggers

Medium

Confidence: 78% confidence
Finding: The trigger list contains broad phrases such as 'restore' and 'undo changes' that can collide with common user language and invoke the skill unexpectedly. Because this skill can perform state-changing operations, accidental activation raises the risk of unintended snapshot creation or restoration.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill documents restore and edit operations without an explicit warning that they modify note state and may overwrite current content. In an agent setting, omission of confirmation guidance can lead to destructive actions being taken without the user's informed consent.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal