OpenProject by altf1be

Security checks across malware telemetry and agentic risk

Overview

This is a broad but clearly documented OpenProject management skill that uses an API token to run user-invoked OpenProject API actions.

Install only if you want an agent to manage OpenProject on your behalf. Use a dedicated least-privilege API token, review create/update/delete/custom-action/OAuth commands before running them, be careful with --all notification changes, and only upload files you intend to send to the configured OpenProject instance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 97%
Finding: The comment claims there is no arbitrary file access, but attachment-upload commands can read any local path supplied by the caller via --file. The safePath helper only blocks '..' segments and still allows absolute paths or arbitrary files within accessible directories, so a prompt-injected or mistaken caller could exfiltrate sensitive local files to the remote OpenProject instance.

Missing User Warnings

Medium
Confidence: 90%
Finding: Bulk notification mark-read/unread operations can affect all matching notifications without any confirmation prompt or dry-run output. In an agent context, a malicious or erroneous instruction could silently alter a user's notification state at scale, causing missed alerts or workflow disruption.

VirusTotal

66/66 vendors flagged this skill as clean.