Naim Mcp

Security checks across malware telemetry and agentic risk

Overview

This is a lightweight connector skill for a remote API-registry MCP server, with no local code, installs, credentials, or hidden file access.

Install only if you trust the nAIm MCP endpoint. Treat searches, lookups, ratings, agent_id values, notes, and normal connection metadata as data shared with that remote service, and avoid putting secrets or sensitive internal details in queries or rating notes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 91% confidence
Finding: The skill instructs users to connect to a third-party MCP SSE endpoint and submit queries and ratings, but it does not clearly warn that these requests and any supplied metadata will be sent to an external service. This can mislead users into exposing operational interests, service usage patterns, agent identifiers, or free-form notes to a remote operator without informed consent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal