Env Diff Explainer

Security checks across malware telemetry and agentic risk

Overview

This skill is a local, user-directed configuration review helper with disclosed file input/output and no evidence of network access, persistence, or destructive behavior.

Use this only on copied or scoped configuration files/directories, not an entire private workspace. Redact sensitive values first where possible, review any generated report before sharing it, and choose an output path carefully because the script can write or overwrite the specified report file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

MCP Least Privilege

Medium
Confidence
93% confidence
Finding
The skill declares no permissions, yet its instructions explicitly allow running python3 and imply reading local files and writing an output report. This is a capability/expectation mismatch: in environments that make safety decisions from declared permissions, the undeclared shell and file access can bypass governance, surprise users, and give the skill file or shell access nobody approved.
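One way to catch the mismatch this finding describes is to compare what a skill's SKILL.md frontmatter declares against what its entry point statically appears to do. The block below is an added example, not code from the Env Diff Explainer skill or from SkillSpector; the `permissions:` frontmatter key, the capability names (`shell`, `network`, `fs:read`, `fs:write`) and the module/call-to-capability mappings are assumptions made for illustration, and the sample skill text and script are constructed.

```python
"""Added example, not code from the Env Diff Explainer skill: compare the
permissions a skill declares in its SKILL.md frontmatter with the capabilities
its Python entry point actually exercises. The `permissions:` frontmatter key,
the capability names and the module/call-to-capability mappings are assumptions
made for illustration; the sample skill text and script below are constructed."""
import ast
import re

# Assumed mapping: importing one of these modules implies the capability.
MODULE_CAPS = {"subprocess": "shell", "socket": "network", "urllib": "network",
               "http": "network", "requests": "network"}
# Assumed mapping: calling one of these module attributes implies the capability.
ATTR_CALL_CAPS = {("os", "system"): "shell", ("os", "popen"): "shell",
                  ("subprocess", "run"): "shell", ("subprocess", "Popen"): "shell",
                  ("os", "walk"): "fs:read", ("os", "listdir"): "fs:read",
                  ("os", "scandir"): "fs:read"}


def declared_permissions(skill_md: str) -> set[str]:
    """Return the block-list items under `permissions:` in YAML-style frontmatter."""
    fm = re.match(r"^---\n(.*?)\n---", skill_md, re.S)
    if not fm:
        return set()
    perms, in_list = set(), False
    for line in fm.group(1).splitlines():
        if re.match(r"^permissions\s*:\s*$", line):
            in_list = True
            continue
        item = re.match(r"^\s+-\s*(\S+)", line) if in_list else None
        if item:
            perms.add(item.group(1))
        else:
            in_list = False
    return perms


def _open_mode(call: ast.Call):
    """Literal mode argument of an open() call; open() defaults to read."""
    if len(call.args) > 1 and isinstance(call.args[1], ast.Constant):
        return call.args[1].value
    for kw in call.keywords:
        if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
            return kw.value.value
    return "r"


def used_capabilities(source: str) -> set[str]:
    """Statically infer capabilities from imports and calls in Python source."""
    caps = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                top = alias.name.split(".")[0]
                if top in MODULE_CAPS:
                    caps.add(MODULE_CAPS[top])
        elif isinstance(node, ast.ImportFrom) and node.module:
            top = node.module.split(".")[0]
            if top in MODULE_CAPS:
                caps.add(MODULE_CAPS[top])
        elif isinstance(node, ast.Call):
            fn = node.func
            if isinstance(fn, ast.Name) and fn.id == "open":
                mode = _open_mode(node)
                writes = isinstance(mode, str) and any(c in mode for c in "wax+")
                caps.add("fs:write" if writes else "fs:read")
            elif isinstance(fn, ast.Attribute) and isinstance(fn.value, ast.Name):
                key = (fn.value.id, fn.attr)
                if key in ATTR_CALL_CAPS:
                    caps.add(ATTR_CALL_CAPS[key])
    return caps


def undeclared_capabilities(skill_md: str, source: str) -> set[str]:
    """Capabilities the script exercises that the frontmatter never declares."""
    return used_capabilities(source) - declared_permissions(skill_md)


# Constructed sample: a skill whose frontmatter declares no permissions at all.
SKILL_MD_NO_PERMS = """---
name: env-diff-explainer
description: Explain differences between two environment configuration files.
---
Run `python3 scripts/env_diff.py <before> <after> --report out.md`.
"""

# Constructed sample: the same skill with its real footprint declared.
SKILL_MD_DECLARED = SKILL_MD_NO_PERMS.replace(
    "---\nRun", "permissions:\n  - fs:read\n  - fs:write\n  - shell\n---\nRun")

# Constructed sample entry point: walks a directory, writes a report, shells out.
SCRIPT = '''
import os, subprocess

def audit(root, report):
    with open(report, "w") as out:
        for d, _, files in os.walk(root):
            for f in files:
                with open(os.path.join(d, f)) as src:
                    out.write(f"{f}: {len(src.read())} bytes\\n")
    subprocess.run(["python3", "--version"])
'''

if __name__ == "__main__":
    print("undeclared:", sorted(undeclared_capabilities(SKILL_MD_NO_PERMS, SCRIPT)))
    print("after declaring:", sorted(undeclared_capabilities(SKILL_MD_DECLARED, SCRIPT)))
```

The inference is deliberately conservative and purely static: dynamic imports, `exec`, or a shell invoked through a wrapper library will not be seen, so an empty result means "nothing obvious is undeclared", not "the skill is within its declared scope". It is a pre-install gate, not a sandbox.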

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The script's implemented capabilities substantially exceed the declared purpose of an environment diff explainer: it can audit arbitrary directories, scan files for patterns, inspect CSV/TSV content, and audit skill package structure. This kind of scope mismatch is dangerous because it broadens the data-access surface and can cause operators to run the tool on unrelated local repositories or datasets, leading to unintended exposure of sensitive file names, headings, paths, and matched snippets in generated reports.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The regex-based pattern scanner searches arbitrary files for secrets, private URLs, and risky shell fragments, then includes matched snippets in output. In the context of an env-diff explainer, this is unnecessary and increases the chance that secret-adjacent content, internal endpoints, or sensitive command text will be surfaced to users or written to disk, especially because findings are reported from arbitrary input paths.
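The hazard in this finding is not the regex scan itself but that matched snippets are copied into a report that may be written to disk or shared. The block below is an added example, not the skill's own scanner or SkillSpector code: it shows the same kind of scan reporting only location, rule name, a masked value and a truncated SHA-256 fingerprint, so the report can be shared and repeats correlated without the raw secret ever appearing in it. The three rules, the field names and the sample `.env` content are constructed for illustration (the AWS-format key is the value AWS documents as a placeholder, not a live credential).

```python
"""Added example, not the skill's own scanner: a regex secret scanner whose
report carries only location, rule, a masked value and a truncated SHA-256
fingerprint, never the raw matched snippet. The rules, field names and sample
.env text are constructed for illustration."""
import hashlib
import re

# Assumed rules. A capturing group marks the sensitive part when only part of
# the match is secret; otherwise the whole match is treated as the secret.
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_password": re.compile(r"(?i)(password|passwd|secret)\s*[:=]\s*['\"]?([^'\"\s]+)"),
    "url_with_basic_auth": re.compile(r"https?://[^/\s:@]+:[^/\s@]+@\S+"),
}


def mask(value: str, keep: int = 4) -> str:
    """Keep a short prefix so a reader can recognise the value, hide the rest."""
    return value[:keep] + "*" * max(0, len(value) - keep)


def fingerprint(value: str) -> str:
    """Stable 12-hex-digit handle to correlate repeats without revealing them."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def scan_text(path: str, text: str) -> list:
    """Scan one file's text; each finding records where, which rule, mask, fingerprint."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in RULES.items():
            for m in rx.finditer(line):
                # Last capturing group if the rule has one, else the whole match.
                secret = m.group(m.lastindex) if m.lastindex else m.group(0)
                findings.append({"file": path, "line": lineno, "rule": rule,
                                 "masked": mask(secret),
                                 "fingerprint": fingerprint(secret)})
    return findings


def render_report(findings: list) -> str:
    """Report text that is safe to write to disk: no raw matched snippet."""
    return "\n".join(f"{f['file']}:{f['line']} {f['rule']} "
                     f"value={f['masked']} fp={f['fingerprint']}" for f in findings)


# Constructed sample input; AKIAIOSFODNN7EXAMPLE is AWS's documented placeholder key.
SAMPLE_ENV = """DB_HOST=db.internal.example
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
DB_PASSWORD=hunter2hunter2
REPO_URL=https://deploy:s3cr3t@git.internal.example/app.git
"""

if __name__ == "__main__":
    print(render_report(scan_text(".env", SAMPLE_ENV)))
```

The four-character prefix is a usability trade-off: it is enough to tell an AWS key from a password in a review, but for very short secrets it leaks a meaningful fraction of the value, so lower `keep` (or drop the prefix entirely) when the report will leave the machine. The fingerprint is unsalted on purpose so the same secret yields the same handle across files; that also means a low-entropy secret can be confirmed by hashing a guess, which is acceptable for a local triage report but not for one published widely.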

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill_audit functionality inspects an arbitrary directory for expected files and parses SKILL.md frontmatter, which is unrelated to explaining environment configuration differences. This expands the tool into repository inspection and metadata analysis, creating unnecessary access to local project structure and content and increasing the likelihood of over-collection or disclosure in reports.

VirusTotal

All 64 of 64 vendors that scanned this skill reported it as clean (no detections).
