
Security audit

easy-html-deploy

Security checks across malware telemetry and agentic risk

Overview

This skill is a helper for publishing and managing single-file HTML pages on htmlcode.fun. Its behaviour is disclosed in the skill text, and its sensitive version operations (overwrite, status change, deletion, switching the public current version) are documented but only partially guarded.

Install only if you intend to publish HTML to htmlcode.fun. Before deployment, review each page for secrets or private content; verify the target code and version before any edit; and require explicit confirmation before overwriting, unpublishing, switching the public current version, or deleting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill describes and invokes file read, file write, and network-capable behavior via a bundled deployment script, but it declares no permissions or equivalent capability boundaries. This creates hidden operational reach: an agent or reviewer may believe the skill is limited to simple deployment guidance when it can also read local files, write outputs, and make remote API calls, increasing the chance of unintended data access or exfiltration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The declared purpose says the skill deploys a single HTML page for instant sharing, but the documented behavior includes modifying existing deployments, deleting versions, switching current public versions, and fetching content. That mismatch can mislead users and orchestration systems into granting or invoking a much more powerful skill than expected, enabling destructive or privacy-impacting actions under an innocuous description.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- `GET /api/deploy/content?code={code}&version={version}` — read metadata and source.
- `GET /api/deploys/{code}/versions` — list version history and `likeCount`.
- `PATCH /api/deploys/{code}/versions/{version}` — overwrite or set status for an unlocked version.
- `DELETE /api/deploys/{code}/versions/{version}` — delete one unlocked version. Treat deletion as sensitive; ask first unless the user explicitly requested it.
- `PATCH /api/deploys/{code}/current` — switch the public current version when needed.

## Response handling
Confidence
90% confidence
Finding
`DELETE /api/deploys/{code}/versions/{version}`
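The guards the overview asks for (verify the target code and version before any edit, refuse to publish a page that carries credentials, and require explicit confirmation for overwrite, status change, deletion and switching the public current version) can be enforced in front of the endpoints listed in the finding above. The following is an added example written for this audit, not the skill's bundled deployment script: it maps each documented operation to its endpoint and raises before anything is sent unless the guards pass. Assumed, because the page does not state them: that the API is served from the htmlcode.fun origin, the shape of codes and versions, the PATCH body field names (`html`, `status`, `version`), the two status values, and the secret patterns, which are constructed for illustration.

```python
"""Guarded request planner for the htmlcode.fun deploy API (illustrative, not the skill's code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import quote, urlencode

# Assumption: the documented paths hang off the site's origin.
BASE_URL = "https://htmlcode.fun"

# Assumption: codes and versions are short opaque tokens. Rejecting anything else
# keeps path separators and query characters from reaching the API.
_TOKEN = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# Operations the skill documents; the overview requires explicit confirmation for these.
SENSITIVE_OPS = frozenset({"overwrite", "set_status", "delete", "switch_current"})

# Constructed credential shapes for the pre-deploy review; extend for your environment.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "bearer_in_source": re.compile(r"(?i)bearer\s+[A-Za-z0-9._~+/-]{20,}=*"),
}


class ConfirmationRequired(PermissionError):
    """Raised when a sensitive operation is planned without explicit user confirmation."""


class SecretDetected(ValueError):
    """Raised when the page about to be published contains credential-like content."""


@dataclass(frozen=True)
class PlannedRequest:
    method: str
    url: str
    body: dict | None = None


def find_secrets(html: str) -> list[str]:
    """Return the names of every secret pattern that matches the page source."""
    return [name for name, pat in SECRET_PATTERNS.items() if pat.search(html)]


def _check_token(name: str, value: str | None) -> str:
    """Validate an identifier and return it percent-encoded for use in a path."""
    if value is None or not _TOKEN.fullmatch(value):
        raise ValueError(f"{name} must be a short opaque token, got {value!r}")
    return quote(value, safe="")


def plan(op: str, code: str, version: str | None = None, *,
         html: str | None = None, status: str | None = None,
         confirmed: bool = False) -> PlannedRequest:
    """Map a skill operation to one documented endpoint, enforcing the guards first.

    Nothing is sent; the caller hands the PlannedRequest to its HTTP client.
    """
    c = _check_token("code", code)                      # verify the target first
    if op in SENSITIVE_OPS and not confirmed:           # then the confirmation gate
        raise ConfirmationRequired(f"{op} on {code!r} needs explicit user confirmation")

    if op == "versions":
        return PlannedRequest("GET", f"{BASE_URL}/api/deploys/{c}/versions")

    v = _check_token("version", version)                # every remaining op targets a version
    if op == "read":
        q = urlencode({"code": code, "version": version})
        return PlannedRequest("GET", f"{BASE_URL}/api/deploy/content?{q}")
    if op == "overwrite":
        if html is None:
            raise ValueError("overwrite needs the replacement html")
        hits = find_secrets(html)                       # review for secrets before publishing
        if hits:
            raise SecretDetected(f"refusing to publish: {', '.join(hits)}")
        # Assumption: the PATCH body field for the page source is named "html".
        return PlannedRequest("PATCH", f"{BASE_URL}/api/deploys/{c}/versions/{v}", {"html": html})
    if op == "set_status":
        if status not in {"published", "unpublished"}:  # assumption: the two status values
            raise ValueError(f"unknown status {status!r}")
        return PlannedRequest("PATCH", f"{BASE_URL}/api/deploys/{c}/versions/{v}", {"status": status})
    if op == "delete":
        return PlannedRequest("DELETE", f"{BASE_URL}/api/deploys/{c}/versions/{v}")
    if op == "switch_current":
        # Assumption: the body names the version that becomes the public current one.
        return PlannedRequest("PATCH", f"{BASE_URL}/api/deploys/{c}/current", {"version": version})
    raise ValueError(f"unknown operation {op!r}")
```

The point of returning a `PlannedRequest` rather than sending it is that the confirmation and secret checks run in the same place regardless of which HTTP client or agent runtime eventually performs the call, so an orchestrator cannot reach the destructive endpoints by chaining operations without passing `confirmed=True` on each one.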

VirusTotal

64/64 vendors flagged this skill as clean.
