Security audit

Skill Test Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation helper that reads target skill scripts and generates testing guidance, with no evidence of credential use, network access, hidden persistence, or destructive behavior.

Install only if you want an agent to inspect a target skill's scripts and draft testing documentation. Review any generated TESTING.md or SKILL.md patch before applying it, and do not run generated test commands against untrusted scripts without inspecting those scripts first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill explicitly instructs reading arbitrary files from a target skill's scripts directory, but it declares no permissions or trust boundary for that file access. Undeclared file-read capability is dangerous because it can lead operators to invoke the skill without understanding that it will inspect local repository contents, including potentially sensitive scripts or adjacent files if the scope is not constrained.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The skill description promises automatic creation or updating of TESTING.md or SKILL.md, but the analyzed behavior reportedly only emits markdown and does not perform the checks or modifications it claims. This mismatch is security-relevant because users may rely on the skill to update documentation or enforce testing coverage when it actually does not, creating a false sense of completion and weakening review and change-control processes.

Missing User Warnings

Low
Confidence: 84%
Finding
The skill instructs creating or updating TESTING.md or SKILL.md without warning that documentation files may be modified. Even though this targets docs rather than code, silent modification guidance can still cause unintended repository changes, overwrite curated content, or bypass normal review expectations.

Self-Modification

High
Category: Rogue Agent
Content
- Test execution instructions
- Environment setup requirements

**Option B: Update SKILL.md**
Add a "Testing" section to the existing SKILL.md with:
- Overview of test approach
- Test case summaries
Confidence: 89%
Finding
Update SKILL

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.