Iacuc Protocol Drafter

Security checks across malware telemetry and agentic risk

Overview

This is a local IACUC drafting helper with disclosed file input/output and no evidence of hidden network, credential, persistence, or destructive behavior.

Install only if you are comfortable running a local Python script that can read the input path and write the output path you provide. Keep inputs and outputs in an intended workspace, avoid pointing it at sensitive files, and treat generated IACUC language as a draft that requires institution-specific and factual review.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill documentation indicates the script reads input files and writes output files, but no explicit permissions are declared. This creates a governance gap: users or orchestrators may treat the skill as lower-privilege than it actually is, increasing the chance of unsafe file access if the implementation does not strictly constrain paths. In this context, the risk is moderated because the stated purpose is local document generation with no network access, but undeclared file capabilities are still a real security issue.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal