Single-cell Pipeline

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local generator for single-cell RNA-seq analysis templates, with no evidence of hidden data access, credential use, persistence, or exfiltration.

Install and run this in an isolated analysis environment, review dependencies before installing them, and generate templates into a dedicated output directory. Treat any genomics datasets processed by the generated scripts as sensitive local data.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill describes generation of scripts and writing output files, but it does not declare corresponding permissions. This mismatch is a real security and governance issue because consumers, reviewers, or enforcement layers may assume the skill is non-writing while it can create or overwrite files via its generated tooling. In this context the file-write behavior is expected for a code-generation pipeline, which lowers suspicion of maliciousness, but undeclared write capability still increases the risk of accidental overwrite, unsafe output paths, and policy bypass.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal