viboscope
Fail
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions provide a command to download a file from
https://viboscope.com/api/v1/skilland save it into the local environment's skills directory. - [REMOTE_CODE_EXECUTION]: By encouraging the download and execution of a remote skill file (
viboscope.md) from an untrusted third-party domain, the skill allows for the injection of arbitrary instructions or logic from a remote server into the AI agent's execution context. - [DATA_EXFILTRATION]: The skill performs a 'context scan from workspace files' to build a psychological profile. This involves reading local data and potentially transmitting it to the vendor's API (
viboscope.com), creating a high risk of exposing sensitive project code, environment variables, or other private workspace information. - [EXTERNAL_DOWNLOADS]: The skill references a third-party GitHub repository (
github.com/ivankoriako/viboscope) that is not associated with an established trusted organization.
Recommendations
- HIGH: Downloads and executes remote code from: https://viboscope.com/api/v1/skill - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata