Security audit

AIG Scanner

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate A.I.G security scanner, but it needs review because it can start private-network scans and send sensitive targets, tokens, or local archives to a configured A.I.G server with weak confirmation boundaries.

Install only if you intend to run authorized A.I.G scans. Configure AIG_BASE_URL to a server you trust, use limited-scope API and model keys, confirm you are allowed to scan each local, LAN, or third-party target, and avoid uploading private archives unless they are meant to be analyzed by that server.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill explicitly uses environment variables and networked execution via a Python client, but it does not declare corresponding permissions. This creates a trust and policy gap: a host may permit installation or invocation without surfacing that the skill can reach external services and consume secrets from the environment.

Vague Triggers

Medium
Confidence: 90%
Finding: Several triggers such as "scan AI service", "check CVE", "audit AI service", or "scan skills" are broad enough to activate on ordinary conversational requests. Because this skill can initiate network scans and contact a configured backend, overbroad routing can cause unintended security operations, data disclosure to the A.I.G service, or surprising execution without sufficiently specific user intent.

Vague Triggers

Medium
Confidence: 92%
Finding: The explicit trigger list contains many generic phrases that could match common requests unrelated to this specific tool, increasing the risk of accidental invocation. In this skill, accidental invocation is more significant because the documented behavior includes local/private network scanning and transmission of scan details to an external A.I.G endpoint.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.