Back to skill

Security audit

Evidence Gap Mapper

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a disclosed local helper workflow, and the scanner concerns do not show hidden, destructive, credential-stealing, or unrelated behavior.

Install this only if you are comfortable with the agent running the documented local Python helper and writing its intended outputs. Review the skill text for the exact files it may read or create, and run it in a normal project sandbox rather than on sensitive directories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill declares no permissions, yet the documentation explicitly allows local script execution via python3 and implies reading inputs and writing outputs. This creates a trust and enforcement gap: operators or orchestration layers may treat the skill as low-privilege while it actually has shell, file-read, and file-write behavior.

Intent-Code Divergence

Medium
Confidence
80% confidence
Finding
The skill claims a safety boundary of being 'default read-only, auditable, and reversible' while also permitting execution of a local Python script when the environment allows it. Even if the intended script is benign, executable pathways materially expand risk and can undermine user expectations about non-executing, read-only behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.