Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Beta TA Signal Engine
Security checks across malware telemetry and agentic risk
Overview
This skill is a local technical-analysis helper that reads a user-provided price CSV and prints paper-trading setup information.
Install only if you are comfortable letting the agent run this bundled Python script on CSV files you choose. Treat the generated trade setup as analysis or paper-trade planning, not financial advice or an instruction to place live orders.
SkillSpector
By NVIDIA
Vulnerability Patterns
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)
VirusTotal
64/64 vendors flagged this skill as clean.