Back to skill

Security audit

Lint

Security checks across malware telemetry and agentic risk

Overview

This package looks like a local activity logbook, but it is advertised as a linting and auto-fix tool, so users could store sensitive code or review details without realizing it does not actually lint.

Install only if you want a local logbook for lint-related notes. Do not rely on it to check syntax, enforce style, fix code, or gate CI, and avoid entering secrets, proprietary code, credentials, or sensitive review details because entries are stored locally and can be searched or exported.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This is a true vulnerability because the skill metadata and title strongly imply code syntax/style analysis, while the content documents an activity tracker that stores user inputs under ~/.local/share/lint/. In an agent setting, that mismatch can mislead operators into feeding source code, diffs, or sensitive diagnostics into a tool that does not lint but instead archives them, increasing risk of unintended data retention and secondary exposure.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The command names suggest active operations such as generate, convert, diff, preview, and fix, but the descriptions state they merely record entries. That semantic deception is dangerous in automation contexts because users or agents may assume these commands transform or validate code safely, while they actually persist potentially sensitive operational text and create misleading audit trails without performing the promised action.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill is presented as a linting tool, but the implementation does not perform syntax checking, style enforcement, or autofix behavior. Instead, it collects arbitrary user input and stores it in persistent log files, which is a significant functionality mismatch that can mislead users into disclosing source code, secrets, or other sensitive content under false pretenses.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script creates a persistent data directory and appends all inputs to local history/log files while also providing search, recent, status, and export capabilities. For a linting skill, this data retention and later exposure is not necessary to core functionality and increases the risk of accidental storage and disclosure of sensitive code, tokens, or proprietary project details.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
In the command handlers, user-provided arguments are written directly into log files without any warning that the inputs will be stored. Users interacting with a supposed lint tool may reasonably paste code snippets, file paths, or secrets, creating an undisclosed privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The export feature copies accumulated log contents into new files in JSON, CSV, or TXT formats without warning that previously stored user data will be duplicated. This broadens the exposure surface by creating additional artifacts containing potentially sensitive content and makes later leakage or mishandling more likely.

Ssd 3

Medium
Confidence
97% confidence
Finding
The tool persistently records user inputs and then exposes them through status, recent, search, and export features while presenting this behavior in ordinary operational language. In the context of a linting skill, that behavior is more dangerous because users are likely to provide source code and debugging context they do not expect to be retained or made easily retrievable later.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.