Back to skill

Security audit

Lab Inventory Predictor

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate local lab-inventory tool, but its code does not enforce the workspace path limits that its documentation promises.

Install only if you are comfortable with a local script storing lab inventory and experiment usage details. Use the default data path, avoid custom paths until the publisher adds real path validation, and do not rely on the documented workspace-only path protection in this version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill documentation describes file read/write behavior through a default inventory data path and optional output file path, but no explicit permissions are declared. This creates a capability/permission mismatch that can cause the agent or reviewers to underestimate filesystem access, increasing the risk of unintended data exposure or unauthorized modification within the workspace. The context slightly reduces severity because the skill is legitimately inventory-focused and mentions some path restrictions, but it still performs persistent storage operations.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The audit result explicitly states that path traversal protection for the --data-file argument is documented but not actually enforced in the script. If an agent or user can control that file path, they may be able to read unintended files outside the workspace, which can expose sensitive local data or violate sandbox boundaries.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
This is the same underlying issue reflected in another section of the audit: the documentation claims --data-file path traversal rejection, but the recommendation says the protection is absent from the implementation. Mismatched security claims are dangerous because deployers may rely on controls that do not exist, enabling unauthorized file access when the skill processes attacker-influenced paths.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.