Pathology ROI Selector

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it needs review because it presents itself as a pathology ROI detector while the included script only exports hard-coded mock ROI results.

Review before installing. Treat this as a draft or demo skill, not a reliable pathology analysis tool. Do not use its ROI coordinates for clinical, research, or training-data decisions until the mock implementation is replaced with real image analysis and output paths are constrained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 81%
Finding: The skill advertises executable behavior that writes outputs to disk, but it does not declare permissions or clearly constrain where writes may occur. In agent environments, undeclared file-write capability weakens policy enforcement and can lead to unintended overwrites, artifact leakage, or writes outside the expected workspace if the implementation is permissive.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%
Finding: The skill description presents the tool as a generic structured data-analysis workflow, while the documented behavior includes image ROI selection, confidence filtering, and JSON export. This mismatch can cause the skill to be invoked in broader contexts than intended, leading users or agents to execute specialized code with file I/O side effects they did not reasonably expect.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: The activation guidance is overly broad and repeatedly frames the skill as suitable for general data-analysis workflows, despite the skill being specialized for pathology ROI selection. Overbroad routing increases the chance that an agent will select this skill for inappropriate tasks, exposing local file-processing and output-generation behavior in contexts where it is unnecessary or unsafe.

Missing User Warnings

Severity: Low
Confidence: 73%
Finding: The markdown indicates that the script generates output artifacts, but it does not give a prominent warning about file-writing side effects, destination, or overwrite risk. In agent-driven execution, insufficient disclosure of write behavior can surprise users and reduce their ability to assess data handling and workspace integrity before running the tool.

VirusTotal

66/66 vendors flagged this skill as clean.