Blockbuster Therapy Predictor

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it needs review because it presents mock biotech rankings as investment/R&D analysis and can write reports to any path the process can access.

Install only as a demo or sandboxed analysis aid. Do not rely on its rankings for medical, regulatory, investment, or R&D decisions without replacing the mock data with sourced, validated inputs, and keep any saved report path inside a disposable workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documents local Python execution and saving reports to arbitrary user-provided file paths via the `--save` parameter, yet it declares no explicit permissions. This mismatch weakens least-privilege enforcement and can cause the platform or reviewers to underestimate the skill's write capabilities, increasing the chance of unintended file modification within the workspace.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill advertises analysis of clinical trial progression, patent landscape maturity, and VC funding trends, but all outputs are derived from fixed mock records and hardcoded scoring tables. In an investment and R&D prioritization context, this can mislead users into treating fabricated or stale outputs as evidence-based analysis, causing materially bad decisions even though there is no direct code-execution risk.

Intent-Code Divergence

Low
Confidence
90% confidence
Finding
The DataLoader documentation implies support for real data sources, but the implementation only returns mock demonstration data. This mismatch increases the chance that operators or downstream agents will overtrust the output as production-grade intelligence, especially because the rest of the script presents polished rankings and recommendations.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger text is broad enough to activate on generic investment or comparison requests, which can route unrelated queries into a tool that performs local script execution and file output. Overbroad invocation increases the attack surface for unintended execution and can cause users to receive actions or outputs they did not explicitly request.

VirusTotal

60/60 vendors flagged this skill as clean.
