Security audit

Source Trace Builder

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local citation/source-tracing helper with no evidence of hidden network access, credential use, persistence, or destructive behavior.

Install only if you are comfortable with a local Python helper reading the input file you choose and optionally writing a report file. Use dry-run or stdout for sensitive drafts, choose output paths deliberately, and review generated citation mappings before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill advertises no declared permissions, yet its instructions explicitly allow invoking `python3` and imply reading local templates/specs and writing output files. This creates a capability/permission mismatch that can bypass user expectations and platform policy checks, increasing the chance of unintended file access or shell execution if the runtime honors the embedded instructions.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding: The script’s implemented behaviors are largely generic auditing, pattern scanning, CSV/directory inspection, and skill-package validation rather than building citation indexes or mapping primary versus secondary sources as described by the skill metadata. This mismatch is dangerous because users may grant the skill access to research materials under the assumption of source-trace processing, while it instead enumerates directories and inspects unrelated files, expanding data exposure beyond the declared purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding: The pattern_audit feature scans files for security-related strings such as secrets, private URLs, and shell-execution patterns, which is unrelated to the advertised citation/source-tracing purpose. In context, this creates unnecessary capability to inspect sensitive repository contents and surface snippets from matched material, increasing confidentiality risk and violating least-privilege expectations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding: The skill_audit logic performs package compliance checks over expected skill files and parses SKILL.md frontmatter, which is operational validation unrelated to citation/source mapping. This broadens the tool’s access pattern to inspect project structure and metadata outside the user’s likely intent, making the skill more capable than advertised and therefore riskier in agent environments.

VirusTotal

65/65 vendors flagged this skill as clean.