Grant Funding Scout

Security checks across malware telemetry and agentic risk

Overview

This is a simple local demo tool for mock grant-funding analysis, with only an optional user-directed report file write to consider.

Install only for demonstration or educational use. Do not rely on its mock funding recommendations for real grant strategy without checking authoritative funding databases, and choose an intentional workspace-local output path if saving a report.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding:
The skill describes file-writing capability via the `--output` parameter and explicitly notes that output files are saved to the workspace, but it does not declare corresponding permissions. This creates a mismatch between documented behavior and the permission model, which can lead to unauthorized or insufficiently constrained file writes if the runtime trusts the manifest for enforcement or review.

VirusTotal

64/64 vendors flagged this skill as clean.
