Back to skill

Security audit

Ml Model Eval Benchmark

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward local ML model benchmarking helper with no evidence of hidden access, exfiltration, or destructive behavior.

Install only if you are comfortable running a local benchmark script on the datasets and model outputs you provide. Keep inputs scoped to non-sensitive evaluation data where possible, review output paths before running, and be aware that very large inputs may consume local compute or storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.