Skill Frontmatter Doctor

Security checks across malware telemetry and agentic risk

Overview

The skill appears broader than a simple metadata repair helper and should be reviewed before installation.

Install only if you intend to use the broader audit/scanning behavior, not just metadata repair. Limit it to specific directories, avoid running it over private or sensitive workspaces, and require explicit approval before file writes or shell commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill advertises and enables code-capable behaviors such as file read/write and shell execution, but does not declare any corresponding permissions or constraints in the manifest. This creates a trust and review gap: users and orchestrators may invoke the skill believing it is a low-risk formatting helper when it can access files and run commands.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The declared purpose is narrow frontmatter and metadata repair, but the documented/observed behavior is much broader, including arbitrary directory scanning, content summarization, CSV/TSV inspection, risk-pattern scanning, and behavior driven by an external spec. This mismatch is dangerous because it can cause overbroad access to user data and execution of capabilities users did not meaningfully consent to under the stated purpose.

VirusTotal

63/63 vendors flagged this skill as clean.