Back to skill

Security audit

Team Tasks.Skip

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent local task coordinator, but it tells agents to send project context and results to hardcoded Telegram-backed destinations without clear user-controlled scoping or privacy safeguards.

Install only if you intend to coordinate trusted agents and can verify or replace the hardcoded Telegram session and group IDs. Avoid putting secrets, customer data, private paths, or proprietary code details in task descriptions, logs, dependency outputs, or relayed summaries; keep the task data directory private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly instructs use of a Python task manager, reads and writes JSON task files, and references filesystem paths, yet declares no permissions. That mismatch weakens governance and user awareness, making it easier for the skill to perform file and environment interactions without explicit approval boundaries.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill expands from internal task orchestration into direct Telegram messaging and result relay. That creates an external data egress path where task outputs, filenames, project details, or other sensitive content may be sent to third-party channels without clear authorization or minimization controls.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README encourages passing prior stage results and dependency outputs between agents, which can propagate sensitive code, secrets, credentials, customer data, or proprietary context across multiple agent boundaries. In a multi-agent orchestration setting, undocumented data-sharing increases the chance of overexposure, accidental retention, or transmission to agents/sessions with different trust levels.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to send tasks via `sessions_send` to worker agents without warning that project prompts, outputs, and related context may be transmitted to separate agent sessions. In this skill's context, that can lead to inadvertent disclosure of internal code, secrets, or regulated data to external or differently scoped execution contexts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation tells operators to relay agent results to Telegram but provides no warning about sensitive data exposure. In a multi-agent pipeline, outputs can easily include code snippets, internal paths, test results, credentials-in-logs, or proprietary project details, so omission of privacy guidance materially increases accidental leakage risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.