IDFM Journey

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward public-transit lookup skill that uses a user-provided IDFM API key for its stated purpose.

Use a dedicated IDFM PRIM API key, avoid committing or printing it, rotate it if exposed, and do not use --base-url unless you trust the destination because the key is sent with requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill documentation indicates the script uses both environment access and outbound network calls, but the skill declares no permissions or capability boundaries. This is dangerous because users and hosting platforms cannot accurately assess that the skill will read sensitive environment variables and contact external services, increasing the chance of unreviewed secret exposure or unintended data egress.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs users to place an API key in an environment variable but does not provide any guidance on secure handling, rotation, scoping, or avoiding accidental disclosure. In practice, this can lead to credentials being pasted into shell history, logs, screenshots, shared environments, or debugging output, which could allow unauthorized use of the IDFM PRIM account.

VirusTotal

66/66 vendors flagged this skill as clean.
