Raindrop Sync

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Raindrop.io bookmark sync skill, with expected token use and local bookmark persistence that users should configure deliberately.

Install only if you want an agent to access your Raindrop.io bookmarks. Use the least-privileged or read-only token available, keep .secrets/raindrop.env private, choose collections deliberately, and enable cron or heartbeat syncing only if you want ongoing automatic storage of bookmark-derived content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill instructs use of environment secrets, writes to local memory/index files, and performs outbound network access, but it declares no permissions or trust boundaries. This creates a mismatch between what the skill can do and what a reviewer or runtime may expect, increasing the risk of unintended secret exposure, unauthorized file modification, or unnoticed external communication.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The trigger phrases include generic terms like "bookmarks" and "new saves," which could cause the skill to activate for ordinary user requests unrelated to Raindrop.io. Over-broad activation can lead to unintended execution of networked sync behavior or file updates in contexts where the user did not intend this skill to run.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal