Dei Statement Drafter

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local DEI statement drafting helper with disclosed, user-selected file input and optional file output.

Safe to install for normal use. Only pass an experiences file you intend to use in the draft, and choose an output path that will not overwrite anything important.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 82% confidence
Finding: The skill documentation describes file-writing behavior and an output path parameter, but no explicit permissions model is declared. This creates a mismatch between advertised capabilities and declared constraints, which can lead to unsafe assumptions by users or hosting platforms and increases the risk of unintended file overwrite or abuse if path handling is weak.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal