Estat Mcp
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward helper for Japanese e-Stat government data, with a disclosed third-party package install and expected API key requirement.
Install only if you trust the `estat-mcp` Python package and are comfortable providing an e-Stat app ID. Use a service-specific API key, avoid placing unrelated secrets in the same environment, and be aware that the unpinned `uv` install may fetch a newer package version than the skill version.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.