Skill Gap Finder

Security checks across malware telemetry and agentic risk

Overview

This is a local skill-directory analysis helper; its main risk is that it reads whatever folder path the user points it at.

Install only if you want a local helper to inspect Skill directories. When using it, point --input at the specific skills folder you intend to review, avoid broad home or project roots containing secrets or private notes, and review any generated report before sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no permissions, yet its instructions explicitly allow using `python3` with input/output files and reference local resources, which implies shell execution and file read/write capabilities. This mismatch weakens policy enforcement and user review because the agent may perform actions beyond what the manifest transparently advertises.

Tp4

High
Category
MCP Tool Poisoning
Confidence
85% confidence
Finding
The documented purpose is narrowly scoped to skill-gap analysis, but the behavior described by the finding expands into generic directory auditing, text scanning for risky patterns, CSV/TSV inspection, file integrity checks, and arbitrary structured summarization. Overbroad, under-declared behavior is dangerous because it can be used to inspect unrelated data or perform broader reconnaissance than users expect from the skill's stated role.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The implementation substantially exceeds the stated purpose of a skill-gap finder by acting as a generic report generator over arbitrary inputs and directories. This scope mismatch is dangerous because it can mislead users into granting broad filesystem access to a skill that advertises a narrow analysis function, increasing the chance of unintended data exposure and unsafe reuse in other workflows.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The embedded pattern scanner searches arbitrary files for secrets, internal URLs, and shell-command indicators even though that capability is unrelated to identifying skill-suite gaps. In a skill context, this creates an unjustified sensitive-content inspection feature that can surface confidential material from user-provided directories and broaden the blast radius of misuse.

Context-Inappropriate Capability

Low
Confidence
89% confidence
Finding
The code recursively samples many text-like files from arbitrary directories, which is broader than necessary for analyzing duplicate or missing skills. This increases the risk that unrelated repository contents, notes, configs, or embedded secrets are ingested and summarized without clear need, especially because users may trust the benign-sounding skill description.

VirusTotal

65/65 vendors flagged this skill as clean.
