Policy Delta Watcher

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local policy-change drafting helper with a disclosed optional Python script, not a hidden or destructive tool.

Install only if you are comfortable running a bundled Python helper on policy documents you select. Avoid sensitive inputs unless appropriate for your workspace, and use a deliberate output path because an existing file at that path may be replaced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill declares no permissions, yet its instructions explicitly reference local file inputs/outputs and shell execution via python3. This creates a trust and review gap: operators may treat it as low-risk policy analysis while it can access files and invoke an interpreter, increasing the chance of unintended data access or execution in sensitive environments.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
A description-behavior mismatch is dangerous because it disguises a general auditing/inspection capability as a narrow policy-diff skill. If the underlying behavior can scan directories, inspect files, parse datasets, and dynamically switch modes from spec.json, the skill could be invoked in contexts where users do not expect broad local analysis, leading to overcollection of data or misuse of privileged access.

Missing User Warnings

Low
Confidence
74% confidence
Finding
The script writes to any user-supplied output path and will overwrite an existing file without confirmation or safety checks. In an agent or automation context, this can clobber important local files, especially if the output path is influenced by untrusted inputs or mistaken operator assumptions.

VirusTotal

66/66 vendors flagged this skill as clean.