Security audit

Agent Setup Survey

Security checks across malware telemetry and agentic risk

Overview

This skill transparently collects a limited environment fingerprint for a disclosed research survey and asks for review before submission.

Install only if you are comfortable reviewing and potentially sending a small environment fingerprint to internetwarte.eu. Decline sharing skill names unless those names are not sensitive, and delete any outbox payload if you decide not to upload it later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill instructs the agent to execute a local Python script and shell commands, read environment-derived system indicators, and write a result file, yet it does not declare permissions for those capabilities. Undeclared execution, file, and environment access weakens user consent and platform policy enforcement, especially because the skill also prepares data for external submission.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill describes sending telemetry to a third party, including anonymized IP/network-derived metadata and a User-Agent identifying the agent and model, but the warning is incomplete and may understate fingerprinting risk. Even if no direct PII is intended, environment details plus agent identity and optional skill names can create a distinctive profile.

Missing User Warnings

Low
Confidence: 84%
Finding
The skill states that on submission failure it will save the payload locally to outbox/, but it does not clearly warn the user that collected telemetry may persist on disk. Silent local persistence can expose environment details and optional skill inventory to other local users, backups, or later unintended uploads.

Ssd 3

Medium
Confidence: 91%
Finding
The documentation explicitly calls for transmitting agent identity/model in the User-Agent and optionally disclosing installed skill information to a third-party survey. That combination can reveal sensitive operational details about the user's tooling and increase fingerprinting or targeting risk.

Ssd 3

Medium
Confidence: 96%
Finding
The skill asks the user to enumerate installed skill names for submission to an external service. Installed skill names may disclose internal workflows, security tooling, proprietary capabilities, or other sensitive context that could aid profiling or follow-on attacks.

Ssd 3

Medium
Confidence: 90%
Finding
The submission step directs sending local environment telemetry and optional skill inventory to an external endpoint. In this context the behavior is the core purpose of the skill, but it is still security-relevant because it exfiltrates host/runtime metadata outside the local trust boundary.

VirusTotal

66/66 vendors flagged this skill as clean.