Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Security audit
Ml Experiment Tracker
Security checks across malware telemetry and agentic risk
Overview
This skill is a coherent local helper for creating ML experiment plans, with ordinary caller-directed file input and output that users should point only at intended project files.
Safe to install for local experiment planning. Use input JSON files you intend the agent to read, choose output paths inside your project or artifacts folder, avoid overwriting important files, and do not treat --dry-run as preventing writes.
SkillSpector
By NVIDIA
Vulnerability Patterns
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.