Incident Postmortem Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a local incident postmortem drafting helper; its normal shipped configuration is purpose-aligned and does not show network access, credential use, background persistence, or hidden external actions.

Install if you want a local draft generator for incident postmortems and are comfortable running its python3 helper on files you choose. Keep inputs scoped to incident materials, review the generated output before sharing, and do not modify resources/spec.json to enable the dormant audit modes unless you intentionally want broader local inspection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding
The skill declares no permissions, yet its instructions explicitly allow use of python3 plus local file input/output and shell/exec. This creates a capability/consent gap: reviewers and users may believe the skill is documentation-only, while it can actually read local resources and write generated output, which increases the chance of unexpected data access or execution in sensitive environments.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding
A postmortem-assistant skill is expected to summarize incident evidence, but the analysis indicates broader audit/scanning behavior such as directory traversal, CSV/TSV inspection, regex-based secret/risky-pattern scanning, manifest validation, and mode-switching via spec.json. That mismatch is dangerous because it can disguise a general-purpose local inspection tool as a narrow SRE drafting assistant, leading users to expose unrelated files and enabling over-collection of sensitive data.

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The script dispatches multiple broad-purpose modes such as directory auditing, CSV auditing, pattern scanning, and skill auditing that exceed the declared scope of an incident postmortem assistant. This creates a capability mismatch: users can repurpose the skill to inspect arbitrary local content and enumerate metadata, which increases data exposure risk and violates least-privilege expectations for the skill.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The built-in regex scanner looks for secrets, internal URLs, and risky shell patterns across arbitrary files, which is unrelated to generating postmortem drafts. In this skill context, that turns the tool into a lightweight reconnaissance utility that can surface sensitive snippets from local repositories or documents, making accidental disclosure more likely.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill can audit arbitrary skill directories, enumerate required files, and parse SKILL.md frontmatter, which is unrelated to incident postmortem assistance. This broadens the tool into a generic validator for local projects and enables inspection of directory contents outside the advertised purpose, undermining user trust in the skill's declared scope.

VirusTotal

53/53 vendors flagged this skill as clean.
