Back to skill

Security audit

LSP Code Navigation

Security checks across malware telemetry and agentic risk

Overview

This is a local code-navigation helper that openly runs language-server tools and a short-lived daemon; its main risk is trusting the commands and environment variables it uses.

Install only if you want a local LSP helper that can run language-server binaries against your workspace. Use trusted or pinned language servers, do not let untrusted projects or wrappers set LSP_SERVER or LSP_SOCK, and use the shutdown command when you want the daemon stopped.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation describes capabilities that require shell execution, filesystem access, and environment-variable control, but the skill declares no permissions. This creates a trust and review gap: consumers may treat the skill as low-privilege while it can launch external binaries, read workspace files, create sockets/symlinks, and potentially write to user-accessible paths.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script allows the LSP server command for all languages to be overridden by the LSP_SERVER environment variable, then executes it as a subprocess without validation or warning. In an agent or automation context, an attacker who can influence environment variables can cause arbitrary code execution under the agent's privileges whenever the skill is invoked.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.