Beta Quick Skill Maker

Security checks across malware telemetry and agentic risk

Overview

This skill is a small, disclosed helper that creates a local SKILL.md file, with the main caution that it can overwrite that file in the current directory.

Install only if you want a command-line helper that writes a SKILL.md file. Run it from the directory where you intend that file to be created, and avoid using it in a folder with an existing SKILL.md unless you are comfortable replacing it.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill explicitly instructs the user to run `python3 maker.py` and states it creates `SKILL.md` in the current directory, which is a file-write capability. However, the metadata declares no corresponding permissions, creating a mismatch between documented behavior and declared capabilities. This can bypass user expectations and platform policy checks, especially because the tool generates files in the working directory and could overwrite existing content if not constrained.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal