Skill Mcp Security Audit
Security checks across malware telemetry and agentic risk
Overview
This is an instruction-only checklist for auditing MCP servers and does not install code, request secrets, or run hidden actions.
This skill is reasonable to install as a security-audit checklist. Treat its dangerous code snippets and evil.com URLs as examples only, not commands to run. When using the checklist, run npm audit, pip-audit, grep, or cloning steps only on MCP servers you intend to review, preferably in an isolated workspace for untrusted packages.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.