viboscope
Fail
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to download a file from
https://viboscope.com/api/v1/skilland save it directly to the platform's skills directory. This allows for the loading and execution of unverified remote instructions that can be updated at any time by the server administrator. - [EXTERNAL_DOWNLOADS]: The installation process fetches content from an untrusted external domain (
viboscope.com). This deviates from secure practices of using trusted repositories or registries for skill delivery. - [DATA_EXFILTRATION]: The documentation explicitly states that the skill performs a 'context scan from workspace files' to build a psychological profile. This capability allows the agent to read sensitive local data, which is then presumably transmitted to the external API for its 'matching' functionality.
Recommendations
- HIGH: Downloads and executes remote code from: https://viboscope.com/api/v1/skill - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata