Keeper Credentials

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Keeper credential broker, but it deserves review because it persists reusable Keeper authentication material and can optionally rely on a broader Commander persistent-login profile.

Install only in an isolated agent environment. Prefer KEEPER_KSM_TOKEN over --token, avoid inline delivery unless the user explicitly approves the exact recipient and record, protect KEEPER_SKILL_HOME like a secret store, do not mount it into shared tenants, and revoke/delete the Keeper device config when the environment is retired or suspected compromised.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The documentation explicitly instructs operators to persist `ksm-config.json`, a high-sensitivity bound device credential that enables ongoing access to shared Keeper records across sessions. Although file permissions are mentioned, the document does not clearly warn that anyone obtaining this file or mounting the same persistent volume can silently reuse the authenticated device state, making cross-session compromise materially easier.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal