Ebm Calculator

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local medical-statistics calculator; the main caution is that its optional output flag can overwrite a user-chosen file path.

This appears reasonable to install for local EBM calculations. Use stdout when possible, or provide an output path inside your workspace to avoid accidentally overwriting another file. Treat the medical outputs as educational or decision-support calculations, not standalone clinical advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill advertises file output capability via the `--output` parameter and explicitly states that output files can be written to the workspace, but it does not declare corresponding permissions. This creates a mismatch between documented behavior and the security model, which can lead to unauthorized or insufficiently constrained file writes if the implementation accepts arbitrary paths.

VirusTotal

65/65 vendors flagged this skill as clean.
