Security audit

Li Maestro Evaluate

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed threat-modeling workflow that writes local reports and uses optional document-generation scripts, with no artifact-backed exfiltration, deception, or destructive behavior.

Before installing, expect the skill to create local threat-model output files and optional Word/Excel reports. Review the generated reports for sensitive system details, confirm your organization permits sending assessment content to the AI provider, and prefer pinning the two Python dependencies in controlled environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill describes reading and writing numerous local files and generating reports, yet the metadata shown in SKILL.md does not declare any explicit permissions. That mismatch can cause users or a hosting platform to underestimate the skill's actual access, weakening informed consent and sandbox enforcement.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill claims to perform an interactive end-to-end threat-modeling assessment, but the content also indicates report generation from pre-existing phase files and packaging behavior not reflected in the user-facing description. This description-behavior mismatch can mislead operators about what the skill really does and what inputs or preconditions it needs, increasing the chance of unsafe or incorrect use.

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-docx>=1.1.0
openpyxl>=3.1.0
Confidence
91% confidence
Finding
python-docx>=1.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-docx>=1.1.0
openpyxl>=3.1.0
Confidence
91% confidence
Finding
openpyxl>=3.1.0

VirusTotal

56/56 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
SKILL.md:1875