outreach-sequence-crafter

Security checks across malware telemetry and agentic risk

Overview

This is a scoped outreach-drafting skill with a disclosed local helper script that can generate a JSON draft file.

Safe to install for drafting outreach content. Before running the helper script, choose an output path that will not overwrite important files, and review generated outreach for accuracy, consent, and anti-spam or legal requirements before sending it externally.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 84% confidence
Finding: The skill advertises use of a local script to generate structured artifacts and the static analyzer detected file-write capability, but the manifest declares no corresponding permissions or explicit write scope. That mismatch can cause the agent to write files without transparent user awareness or policy gating, which is risky even if the intended use is benign draft generation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal