Security audit

Multi Protocol Bridge

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it gives agents broad remote access to run SSH commands, transfer/delete files, and publish MQTT messages with sensitive credentials through an external gateway.

Install only if you intentionally want an AgentPMT-hosted bridge that can reach your FTP, SSH, and MQTT systems. Use it with explicit hosts and paths, prefer encrypted schemes, avoid putting secrets in URLs when another credential mechanism is available, and require human review before SSH commands, uploads, deletes, or retained MQTT publishes.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding:
The skill advertises broad activation keywords such as 'url' and 'options', which are common across many unrelated user requests and can cause over-selection of this skill. In context, this is more dangerous than a normal discoverability issue because the skill exposes high-impact actions including remote command execution, file transfer, deletion, and MQTT publishing, so accidental invocation could send credentials or execute unintended operations on external systems.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill description and instructions prominently describe passing credentials, file contents, commands, private keys, and MQTT payloads through an HTTP gateway, but they do not provide a clear upfront warning that this data will be transmitted to external infrastructure and potentially onward to third-party hosts. Because the tool supports SSH command execution and credential-bearing URLs, insufficient warning increases the chance that users or agents disclose secrets or sensitive operational data without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding:
The schema documents arbitrary remote shell command execution over SSH without an explicit warning that commands may be destructive, expose sensitive data, or alter remote systems. In an agent-driven context, normalizing this capability without prominent safety guidance increases the risk of accidental harmful actions or misuse against production infrastructure.

Missing User Warnings

Severity: Low
Confidence: 72%
Finding:
The upload action modifies remote data but lacks a clear warning that it can overwrite files, plant content on external systems, or leak sensitive material to remote servers. In an autonomous agent setting, missing modification warnings make accidental or unauthorized data changes more likely.

Missing User Warnings

Severity: Low
Confidence: 70%
Finding:
The download action returns remote file contents but does not clearly warn that fetched data may contain sensitive information and that retrieved content may be exposed to the requesting agent or downstream logs. In a bridge skill handling remote protocols, that omission increases the chance of unintended data disclosure.

VirusTotal

63/63 vendors flagged this skill as clean.