Vendor Risk Brief

Security checks across malware telemetry and agentic risk

Overview

This skill is a local vendor-risk briefing helper that reads a user-chosen input and can write a user-chosen report, with no evidence of hidden network access, credential use, persistence, or destructive behavior.

Use this for draft vendor-risk summaries, not formal legal or security approval. Provide a specific scoped input file or inline text, avoid unnecessary secrets or personal data, and review any generated output before sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill declares no explicit permissions, yet its instructions authorize shell execution via python3 and imply reading templates/specs and writing output files. This creates a capability/permission mismatch that can mislead users or policy engines about what the skill may do, reducing transparency and increasing the chance of unintended local file access or command execution.

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding: The script exposes multiple generic analysis modes (directory, CSV, pattern, and skill-audit) that materially exceed the stated purpose of a vendor-risk briefing skill. This scope expansion lets the skill inspect arbitrary local files and repositories, increasing the chance of unintended data access and turning a narrowly scoped workflow into a general-purpose local analysis tool.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding: The regex-based pattern scanner reads arbitrary files and emits matched snippets, including secret-like material and internal URLs, which can expose sensitive local content in output. In the context of a vendor-risk briefing skill, this capability is unnecessary and broadens the attack surface by encouraging inspection of unrelated local data.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding: The skill-audit functionality inspects arbitrary skill package structure and parses metadata/frontmatter, which is unrelated to vendor-risk analysis and expands the tool into general repository auditing. This increases the likelihood that users will point it at unrelated local projects, causing unnecessary collection and disclosure of file structure and metadata.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The CLI accepts arbitrary file and directory inputs, scans their contents, and may print extracted snippets to stdout or save them to disk without prominent warnings. In a local agent skill context, this is dangerous because users may unintentionally disclose sensitive repository content, secrets, or internal paths through generated reports or logs.

VirusTotal

66/66 vendors flagged this skill as clean.