Back to skill

Security audit

Deck Narrative Planner

Security checks across malware telemetry and agentic risk

Overview

This skill is a local deck-outline helper, and its default behavior is aligned with that purpose without evidence of networking, credential access, persistence, or destructive actions.

Install only if you are comfortable with a local Python helper reading the input material you choose and optionally writing a local Markdown or JSON output file. Avoid feeding sensitive business or personal information unless needed, and review the generated deck structure because the skill organizes evidence but does not verify facts. The package contains dormant audit helper code, so future versions or local modifications should be checked if they change spec.json away from structured_brief.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill advertises a largely content-planning function but explicitly permits execution of `python3` and references input/output files, creating shell, file-read, and file-write capability without any declared permission model. That mismatch increases the chance the skill will be invoked in contexts that assume low risk, while still being able to access or modify local data if the runtime honors those capabilities.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The reported behavior indicates the underlying implementation is more generic and powerful than the stated deck-narrative purpose, including directory scanning, local file analysis, and security/compliance auditing. A skill that appears harmless but can inspect broader local content is dangerous because users and calling agents may provide trust, data access, or automation privileges under false assumptions, enabling unintended data exposure or abuse.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script implements broad auditing modes such as directory scanning, CSV inspection, pattern matching, and skill compliance checks that materially exceed the declared purpose of a deck-narrative planning skill. This capability mismatch increases the attack surface by enabling filesystem inspection and security-oriented reconnaissance on arbitrary user-supplied paths, which is dangerous in a skill that users would not expect to perform repository analysis.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The pattern_audit path contains built-in detection logic for secrets, private URLs, destructive shell commands, and executable payload patterns, which is not justified by a presentation storytelling tool. In this skill context, that functionality is more dangerous because it can be used to inspect local files for sensitive material under the guise of benign deck support.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill_audit functionality examines repository structure, frontmatter, and compliance artifacts unrelated to generating presentation narratives. While less severe than secret-pattern scanning, it still permits unintended filesystem enumeration and collection of metadata from arbitrary skill directories, which is out of scope for the advertised skill.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger examples are broad natural-language phrases that can easily overlap with ordinary user requests, increasing the chance that this skill is invoked unintentionally. In an agent environment, accidental routing can cause the model to apply the wrong workflow, produce misleading deck-planning output for unrelated tasks, or mishandle sensitive materials by reformatting them without clear user intent.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.