Back to skill

Security audit

Workshop Agenda Designer

Security checks across malware telemetry and agentic risk

Overview

This is a meeting-agenda drafting skill with a disclosed local Python helper; some unused audit code is bundled, but I found no hidden active scanning, networking, persistence, or destructive behavior.

Safe to install for drafting workshop agendas, with normal caution for local scripts. Run the helper only on explicit meeting-planning inputs, avoid unredacted sensitive notes unless you trust the package, and review any generated output before sharing or acting on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no permissions, yet it explicitly advertises shell execution and implies reading local resources and writing output files. This creates a capability/permission mismatch that can bypass user and platform expectations, increasing the risk of unauthorized local file access or command execution if the skill is invoked in a permissive runtime.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The script includes directory enumeration, file sampling, Markdown heading extraction, CSV auditing, and pattern-based scanning functionality that materially exceeds the declared purpose of a meeting agenda designer. In a skill expected to transform meeting inputs into agendas, this broad local inspection capability increases data exposure risk by reading unrelated repository or filesystem content and rendering it into reports.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The pattern scanner searches for secrets, internal URLs, and dangerous shell commands in arbitrary files, which is unrelated to meeting agenda generation and creates a capability for local security reconnaissance. Even though it only reports matches, it reads potentially sensitive files and can surface secret-like material into output, which is especially risky in a mismatched skill context.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill_audit logic inspects local skill package structure and parses SKILL.md metadata, which is unrelated to workshop agenda design and expands the script into a generic package compliance auditor. This broadens access to local project contents and can expose metadata or repository structure without a legitimate need tied to the stated skill purpose.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The CLI is described as a generic local support script rather than a meeting agenda designer, which signals scope drift and may mislead users into supplying arbitrary local paths for analysis. In combination with the audit modes above, this ambiguity makes it easier to use the tool for unintended local inspection of files and directories.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.