Back to skill

Security audit

Awesome Pentest

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it claims to browse penetration-testing resources but includes shell commands that save user input into local plaintext logs.

Review before installing. Do not enter credentials, API keys, client data, target details, or sensitive audit notes unless the publisher aligns the implementation with the stated purpose and clearly documents or removes the local plaintext logging behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill metadata and documentation claim the skill browses curated pentesting resources and exploit databases, but the static analysis indicates materially different behavior including local storage, logging, export/search over stored data, and no actual browsing. That mismatch is dangerous because users may invoke the skill with sensitive security-research inputs under false assumptions about what it does, leading to unintended local persistence and exposure of data.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The advertised purpose is browsing pentesting resources, but the implemented commands and help text present a different local data-collection utility. This mismatch is dangerous because users may trust the skill under a benign research-oriented description while it actually encourages storage and handling of arbitrary inputs, creating deception risk and enabling covert collection of sensitive data.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The core handlers do not browse resources at all; they append user-supplied data into per-command log files and a history log. In a skill presented as a pentest resource browser, that behavior is deceptive and can capture secrets, targets, credentials, or investigation notes entered by the user under false assumptions.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Commands such as generate, check-strength, rotate, store, retrieve, expire, policy, hash, verify, and revoke resemble credential or secret-management workflows that are unrelated to the stated purpose. That context mismatch makes it more dangerous because users may enter passwords, API keys, or other secrets believing the tool is appropriate for security operations, after which the script stores them in plaintext logs.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The top-level branding claims a security toolkit, which increases user trust, but the implementation is a generic local input logger. Mislabeling a logger as a security tool is dangerous because it can socially engineer users into supplying sensitive operational data that would not be provided to an honestly labeled script.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The command list is broad and minimally described, which makes it hard for users or calling agents to understand what each command does, what side effects it has, or what data it touches. In the context of a skill ostensibly about browsing pentest resources, vague triggers increase the chance of accidental execution of state-changing or privacy-impacting behavior.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
User input is written directly to plaintext log files in the user's home directory and also copied into history.log, with no warnings, consent, redaction, access controls, or retention policy. In this skill context, users may enter passwords, tokens, target details, or sensitive audit notes, so silent persistent logging materially increases the risk of credential leakage and local data exposure.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
## Usage

Run any command: `awesome-pentest <command> [args]`

---
Powered by BytesAgain | bytesagain.com | hello@bytesagain.com
Confidence
80% confidence
Finding
Run any command

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.