Taxonomy Normalizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a local taxonomy-report helper with disclosed Python file input/output and no evidence of hidden network access, credential use, persistence, or destructive behavior.

Install if you want a local helper for drafting taxonomy-normalization reports. Review input and output paths before running it, avoid pointing it at sensitive directories or files unnecessarily, and treat generated migration suggestions as review drafts rather than automatic production changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no permissions, yet its instructions explicitly allow running `python3` and imply reading local resources and writing output files. This creates a capability/permission gap that can mislead users and any policy layer about what the skill may actually do, increasing the chance of unintended file access or shell execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The described purpose is taxonomy normalization, but the observed behavior reportedly includes broad filesystem scanning, content inspection, regex-based secret/private URL detection, and generic auditing modes. That mismatch is dangerous because a user invoking a benign data-governance skill would not reasonably expect repository-wide analysis or sensitive-content scanning, which can expose unrelated data and expand the blast radius far beyond the stated use case.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger examples are broad natural-language phrases like '把这些不同分类体系统一一下' and '保留别名和废弃词映射', which can overlap with ordinary user requests and cause the skill to activate unintentionally. In an agent environment, over-broad routing increases the chance that this skill is selected for tasks outside its intended scope, potentially producing misleading normalization output or interfering with safer, more specific workflows.

VirusTotal

64/64 vendors flagged this skill as clean.
