Accessibility Tester

Security checks across malware telemetry and agentic risk

Overview

The skill does not show data theft or system harm, but it substantially overstates real accessibility auditing and can produce compliance results for pages it never checks.

Install only if you treat this as a prototype or reference sketch, not a real accessibility compliance auditor. Do not rely on its scores, WCAG level, CI pass/fail output, Section 508/ADA-style claims, or remediation reports until it actually loads the target page and clearly documents implemented rule coverage.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: The module advertises real WCAG 2.1/2.2 testing, but the implementation does not inspect the supplied target and instead returns results from empty placeholder contexts. In a security- or compliance-relevant automation setting, this can mislead users into believing an application was audited and compliant when no meaningful testing occurred.

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The color contrast routine explicitly notes that it is simulated, yet the exported audit flow never provides DOM-derived element data and still emits authoritative pass/fail conclusions. This creates a false assurance condition where accessibility defects can be missed while reports suggest compliance testing was performed.

Description-Behavior Mismatch

High

Confidence: 99% confidence
Finding: The main audit routine ignores the provided URL, tests empty objects, and computes compliance scores and WCAG conformance flags anyway. Because this skill is positioned as an accessibility auditor, the mismatch is especially dangerous: downstream users may rely on fabricated scores for release, procurement, or regulatory decisions.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The code claims WCAG 2.2 support with 78 success criteria, but only a handful of checks are implemented. This overstatement can cause users to overtrust the audit output and overlook untested accessibility requirements, producing compliance and quality risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal