Security audit

Swagger Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as a Swagger/OpenAPI generator, but its included script mainly creates local history storage and history export/search features rather than generating API specs.

Review carefully before installing. Do not paste proprietary API specs, internal endpoints, secrets, or unreleased contract details into this tool unless you are comfortable with local retention under ~/.local/share/swagger-generator. The maintainer should either implement the advertised Swagger/OpenAPI generator or clearly relabel and disclose the local history behavior with opt-in storage, redaction, deletion, and retention controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Severity: High
Confidence: 99%

Finding: The script's advertised purpose is OpenAPI generation/validation, but its actual behavior is to collect and retain user-supplied inputs in local logs. This is dangerous because users may provide API definitions, tokens, internal endpoints, or proprietary schema details expecting processing, while the tool instead creates a persistent data store with no clear need or consent.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%

Finding: The script adds unrelated capabilities for exporting, searching, and browsing stored history, which materially increase the exposure of previously submitted data. In the context of an API tooling skill, these features make sensitive API descriptions easier to enumerate and exfiltrate from local storage without serving the claimed core function.

Vague Triggers

Severity: Medium
Confidence: 73%

Finding: The broad 'Use when' language can cause the orchestrator or user to invoke this skill for many API-related tasks beyond its safe or actual scope. In the context of a skill already flagged for misleading behavior, overbroad activation increases the chance that sensitive API material is routed into a tool that may store data unexpectedly or fail to perform the promised validation tasks.

Missing User Warnings

Severity: Medium
Confidence: 97%

Finding: User input is written verbatim to persistent log files without warning, consent, retention controls, or redaction. Because inputs to this skill may include internal API paths, example payloads, credentials, or schema content, silent persistence creates confidentiality and privacy risk even on a local workstation.

Ssd 3

Severity: Medium
Confidence: 96%

Finding: The script is built around persistent collection plus convenient search/display/export workflows over those logs, which turns transient user submissions into an easily retrievable archive. In a Swagger/OpenAPI context, that archive can contain sensitive service metadata and may be accessed later by other local users, backup systems, or malware.

VirusTotal

51/51 vendors flagged this skill as clean.