Randomization Gen

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local tool for generating randomization CSV files, with the main caution being that it can overwrite the output path the user chooses.

Before installing, understand that running this skill executes a local Python script and creates or overwrites a CSV at the selected output path. Use a workspace-local filename, check for existing files first, and independently validate the randomization method before using it for regulated clinical or study work.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill describes writing an output file but does not declare corresponding permissions or constraints, creating a mismatch between documented capabilities and expected security controls. This can lead to unintended filesystem modification, especially if an agent platform relies on declared permissions for enforcement or user awareness.

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The skill states that output files will be written, but it does not clearly warn users that executing the skill modifies the filesystem. While the described behavior is expected for this type of tool, lack of explicit warning can cause surprise writes, overwrites, or confusion about where artifacts are stored.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal