Codepal

Security checks across malware telemetry and agentic risk

Overview

CodePal appears to be a local developer activity logger rather than malware, but it can save and export whatever a user enters.

Install only if you want a local activity/history logger. Do not enter secrets, tokens, private source code, vulnerability details, or confidential notes unless you are comfortable with them being saved under ~/.local/share/codepal and later exported. Treat the AI-analysis wording as overstated, verify the installed codepal command points to the reviewed script, and remove the local data directory when you no longer need the history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding
The skill is presented as an AI-powered code analysis tool, but the documented behavior is primarily persistent logging, search, export, and note-taking of arbitrary user inputs. This mismatch is dangerous because users may supply proprietary code, secrets, incident notes, or internal findings expecting transient analysis, while the skill instead stores and later exports that data from local logs without making the risk prominent.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The manifest and opening description frame the skill as code-analysis intelligence, but the document describes a broad local data collection and export utility. This discrepancy can mislead users into entering sensitive repository content or prompts under false assumptions about purpose and handling, increasing the chance of accidental data exposure.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding
The advertised purpose is AI-powered codebase analysis, but the implementation mainly records arbitrary user-provided text and later replays or exports it. That mismatch is dangerous because users may provide sensitive source snippets, secrets, or internal notes under the assumption they are being analyzed transiently, while the tool instead builds a persistent local prompt/history store.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The script creates a persistent data directory and supports logging, search, recent-history viewing, and export of stored inputs, none of which are necessary for basic codebase analysis. In a developer tool context, users commonly paste proprietary code, vulnerability details, or credentials, so retaining and making them easily searchable/exportable increases the chance of local privacy leakage and secondary exposure.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill states that command inputs are logged and exportable, but it does not provide a clear warning at the point of use that sensitive code, credentials, tokens, or internal notes may be permanently written to disk. In a developer-tool context, users are especially likely to paste confidential material, making silent persistence materially risky.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
At this location the tool appends raw user input directly into persistent log files without warning the user that the data will be retained and later available through search/export commands. Because this skill is presented as a code analysis assistant, users may reasonably submit confidential code or tokens, making silent persistence a meaningful confidentiality risk.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
Persistently logging all user-provided inputs across commands creates a direct data leakage pathway for source code, vulnerability notes, credentials accidentally pasted into prompts, and other sensitive natural-language content. The ability to search and export those logs compounds the risk by making aggregation and exfiltration easier once sensitive data has been captured.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content
## When to Use

1. **Code review tracking** — Use `check`, `lint`, and `validate` to log issues discovered during code review sessions, then `search` to find them later
2. **Learning unfamiliar codebases** — Use `explain` to document your understanding of code patterns, then `report` to create summaries
3. **Code generation and templating** — Use `generate` to log code generation prompts and `template` to track template usage
4. **Diffing and debugging** — Use `diff` to record code changes and `fix` to document bug fixes, creating an audit trail
5. **Team metrics and reporting** — Use `stats` for activity summaries, `export json` to feed into dashboards, and `recent` for quick status checks
Confidence: 80%

VirusTotal

64/64 vendors flagged this skill as clean.
