Fontpick

Security checks across malware telemetry and agentic risk

Overview

This skill is a review item because it advertises a font-pairing helper but ships a Bash script that mostly stores arbitrary user input in local history files.

Review before installing. This skill does not clearly match its advertised font-pairing purpose, and text entered into its script may be saved locally and later shown, searched, or exported. Avoid entering sensitive client, project, or personal information unless you are comfortable with that local retention.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The script's advertised purpose is a font pairing/typography helper, but its implementation is largely a generic input collection and local activity logging utility. That mismatch is security-relevant because users may disclose prompts or design content to a tool they reasonably believe is task-specific, while the script silently persists and exposes that data through stats, recent, search, and export features.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The script creates a persistent data directory and writes arbitrary user-provided inputs to log files under the user's home directory, then provides mechanisms to export and review that history. Even without network exfiltration, this creates a local privacy and data exposure risk because sensitive text entered for any command can be retained indefinitely and later accessed by other local processes, users, backups, or support workflows.

Vague Triggers

Medium
Confidence: 81%
Finding
A generic trigger like `help` can be invoked by ordinary user conversation, causing the skill to activate unintentionally outside its intended context. In an agent environment, this can lead to prompt-routing confusion, unexpected behavior, or accidental disclosure of skill-specific instructions and outputs, even though the skill itself appears low risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
These command handlers append user input directly to persistent log files without any warning, consent, or sensitivity checks. In the context of an agent skill presented as a font helper, users are less likely to expect on-disk retention, making accidental capture of proprietary design notes, customer data, or other sensitive text more likely.

VirusTotal

66/66 vendors flagged this skill as clean.
