Freezer Sample Locator

Security checks across malware telemetry and agentic risk

Overview

This is a local freezer inventory tool, but it needs review because its file-writing behavior is broader than its documentation implies.

Install only if you are comfortable with a local Python script that creates and modifies a sample inventory database. Keep backups, avoid storing sensitive notes unless the data directory is protected, and use export paths carefully because the script can write to arbitrary writable locations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation explicitly describes local file read/write behavior while omitting any declared permissions model, which creates a governance gap around what filesystem access is actually allowed. In an agent ecosystem, undocumented file capabilities can lead to overbroad access, unsafe assumptions by reviewers, and accidental exposure or modification of unrelated files if implementation drifts from the stated `data/` constraint.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documented behavior is internally inconsistent: it claims some controls and features while describing a different operational surface, including record update/delete, stats generation, limited search fields, and CSV-only export. Security review depends on accurate behavior descriptions; when documentation and actual capability diverge, reviewers may miss destructive actions, unreviewed data flows, or unsupported assumptions about retention, export, and access controls.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill exposes update and delete operations even though the declared scope emphasizes recording, searching, and exporting sample locations. In an agent setting, this expands authority beyond user expectations and can enable accidental or unauthorized tampering or destruction of inventory records, undermining data integrity for lab samples.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The export command writes to any caller-supplied path without restriction, giving the skill broad filesystem write capability unrelated to freezer tracking itself. In an agent or automation environment, this can be abused to overwrite arbitrary writable files, place data in sensitive locations, or facilitate follow-on attacks through file clobbering.

VirusTotal

64/64 vendors flagged this skill as clean.
