Back to skill

Security audit

Deadline

Security checks across malware telemetry and agentic risk

Overview

This is an offline command-line content/deadline logging tool with local plaintext history, but I found no hidden network, credential, destructive, or deceptive behavior.

Install only if you are comfortable with drafts, schedules, translations, and other entered text being saved locally in plaintext under `~/.local/share/deadline/`. Avoid entering secrets or confidential material, review or delete that directory when needed, and verify the `deadline` command points to the reviewed script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill is presented as a deadline assistant, but the documented behavior spans broad content-generation, editing, storage, search, and export capabilities. This mismatch can mislead users and orchestrators into invoking a much more capable tool than expected, increasing the risk of unintended collection and retention of sensitive user content.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation description, 'Use when you need deadline,' is vague and overly broad, which can cause the skill to be selected in contexts beyond simple deadline management. Because the skill also stores and processes varied content, overbroad triggering increases the chance that unrelated or sensitive user input will be routed into persistent logs.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The markdown advertises offline operation and local storage but does not prominently warn users that their inputs are persistently logged across multiple files with history, search, and export features. In a skill handling free-form writing content, this omission is dangerous because users may enter confidential drafts, credentials, proprietary text, or personal data without realizing it will be retained and later discoverable.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script creates a persistent data directory and stores user-supplied content in per-command log files and history without any upfront disclosure, consent, retention policy, or file-permission hardening. In a skill context, users may paste sensitive drafts, schedules, or internal content expecting transient processing, so silent local persistence can expose private data to other local users, backups, or later exports.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The export command aggregates all stored log content into a new file on disk in JSON, CSV, or TXT format without warning that it may duplicate the user's entire history. This increases the attack surface by creating additional copies of potentially sensitive content, and the JSON/CSV generation performs no escaping, which can also corrupt output and create downstream data-handling risks.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.