Back to skill

Security audit

Creator Campaign Planner

Security checks across malware telemetry and agentic risk

Overview

This skill is a local campaign-planning helper that does not show deception, networking, credential use, persistence, or external system changes.

Install only if you are comfortable with a local Python helper reading the input you choose and optionally writing a report file. Do not point it at sensitive files or broad directories, and review any campaign plan before using it for publishing or external actions. Static scan was clean and VirusTotal was pending, which is not by itself a negative signal.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no permissions, yet its instructions explicitly allow invoking `python3` and reading local resources, which implies shell execution and file access beyond a purely text-planning skill. This creates a capability transparency problem: operators and policy systems may trust the skill as low-risk while it can access local files and run code, increasing the chance of unintended data exposure or misuse.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The declared purpose is campaign planning, but the referenced behavior indicates a much broader local-auditing tool that can scan directories, parse arbitrary files, search for secrets/risky commands, and write reports. That mismatch is dangerous because users may invoke the skill expecting a benign planner while it actually has general file-inspection and reporting functionality unrelated to its stated role, which can enable unauthorized local data access and covert repurposing.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The script implements multiple generic local auditing modes, including directory inspection, CSV auditing, pattern scanning, and skill package validation, which materially exceed the declared purpose of a creator/campaign planning skill. This expands the skill’s effective capability to inspect arbitrary local files and project contents, increasing the chance of unintended data exposure or misuse in environments where users expect only marketing-planning assistance.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The directory and skill-package reporting functions recursively enumerate files, read content, and summarize headings from local directories, which is outside the stated creator/campaign planning use case. In context, this mismatch is dangerous because a user may supply sensitive workspace paths and unknowingly trigger broad local content inspection under the guise of a planning tool.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The built-in high-risk pattern scan searches arbitrary files for secrets, private URLs, and shell-execution indicators, which is unrelated to influencer/campaign planning. Even though it does not execute code, it encourages scanning local content for sensitive material and then prints matched snippets, creating unnecessary exposure risk and capability creep for this skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.