Back to skill

Security audit

Echotik Api Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is an EchoTik API assistant, but its setup script stores reusable API credentials as plaintext in the user's shell profile with limited warning and control.

Install only if you are comfortable with EchoTik queries being sent to EchoTik and with the setup script storing your EchoTik username and password in your shell profile. Prefer using a dedicated low-privilege EchoTik API credential, review the generated profile block after setup, and consider replacing the plaintext exports with your own secret manager or session-only environment variables.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script persists EchoTik credentials by modifying the user's shell profile, creating long-lived plaintext secrets outside the immediate runtime. That exceeds a narrow API-routing assistant role and increases exposure through local file disclosure, backups, dotfile sync, shell history-related handling, and unintended inheritance by future processes.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The managed block writes the username and password directly into a shell profile as plaintext export statements. Plaintext secret storage is dangerous because any process, user, backup system, or sync tool with access to the profile can recover reusable credentials, and future shells will automatically expose them to child processes.

Intent-Code Divergence

Low
Confidence
85% confidence
Finding
The prompt tells the user credentials will be saved into shell environment variables, but the implementation actually persists them in the shell profile file. This mismatch undermines informed consent and can cause users to disclose secrets without understanding they are being written permanently to disk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly directs live EchoTik API execution but does not disclose that user prompts, business queries, and selected parameters may be sent to an external service. This creates a real privacy and data-handling risk because users may provide commercially sensitive research targets, market plans, or identifiers without informed consent, especially in a workflow framed as a local assistant action.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The instruction to route all creator- or influencer-related questions through this module first is overly broad and can cause the agent to select this skill before verifying whether the request actually fits the safest or most appropriate workflow. In a tool-using agent, broad first-routing rules increase the risk of incorrect tool invocation, unnecessary authenticated API access, and parameter mapping on ambiguous user requests.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
When credentials are provided via CLI arguments, the script accepts them and later persists them without presenting any warning or confirmation. This is risky because CLI-supplied secrets may already leak via process listings, shell history, or audit logs, and the script compounds that exposure by silently writing them to a persistent profile file.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
script/echotik-api.mjs:64