Metagenomic Krona Chart

Security checks across malware telemetry and agentic risk

Overview

This skill is a local metagenomics chart generator that reads a user-provided taxonomy file and writes an HTML chart, with only routine dependency and file-handling cautions.

Install in a virtual environment, review or pin pandas and plotly versions, and run the script only on intended input files. Treat generated HTML as potentially containing sample or taxonomy details, and be aware it may load Plotly JavaScript from a CDN when opened.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill documents and encourages local script execution that reads user-supplied files, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: operators or automated platforms may treat the skill as lower-risk than it actually is, which can lead to unintended file access within the execution environment.

Unpinned Dependencies

Low

Category: Supply Chain
Content: pandas plotly
Confidence: 96% confidence
Finding: pandas

Unpinned Dependencies

Low

Category: Supply Chain
Content: pandas plotly
Confidence: 96% confidence
Finding: plotly

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal