Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Quality Documentation Manager
Security checks across malware telemetry and agentic risk
Overview
This is a coherent medical-device document-control guide with an optional local validator and no evidence of hidden network, credential, persistence, or destructive automation.
Reasonable to install as advisory QMS documentation support. Review the included Python script before running it in a regulated environment, run it only on intended document metadata, and keep document release, retirement, disposal, and approval decisions with authorized personnel.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)
Shadow Command Trigger
Medium
- Category
- Trigger Abuse
- Confidence
- 70% confidence
- Finding
- Shadow Command Trigger: 'version control' conflicts with built-in command 'version'
VirusTotal
47/47 vendors flagged this skill as clean.