Expanso json-validate

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward JSON validation skill; its only notable caution is that MCP mode starts an HTTP endpoint.

Appropriate to install for JSON validation. If you use MCP mode, run it only on trusted machines or restrict the bind address and firewall it, because the default server configuration listens on all interfaces and the server itself performs no authentication; anything that can reach the port can send it requests.
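The caution above is only actionable if you can tell what the server actually bound to. The script below is an added example, not part of the page or of the json-validate project: it parses `ss -ltnp` style output and reports every listener bound to a wildcard address (`*`, `0.0.0.0` or `::`), which is the condition the overview warns about. The sample rows, port numbers and process names are constructed for illustration; the skill's real port and process name are not stated on the page, so substitute your own `ss` output.

```python
"""Flag listening sockets bound to every interface (wildcard binds).

Added example: feed it `ss -ltnp` output on stdin, or run it without input
to see the constructed sample below. Not code from the json-validate project.
"""
import ipaddress
import re
import sys
from dataclasses import dataclass

# Constructed sample of `ss -ltnp` output (ports, pids and process names are
# illustrative; the skill's real port and process name are not on the page).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*         users:(("node",pid=4242,fd=19))
LISTEN 0      4096   0.0.0.0:3000       0.0.0.0:*         users:(("python3",pid=5150,fd=3))
LISTEN 0      4096   [::]:3000          [::]:*            users:(("python3",pid=5150,fd=4))
LISTEN 0      128    *:22               *:*               users:(("sshd",pid=901,fd=3))
LISTEN 0      128    [::1]:5000         [::]:*            users:(("node",pid=6161,fd=20))
"""

_PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    process: str
    pid: int


def is_wildcard_bind(addr: str) -> bool:
    """True if addr means 'every interface': '*', 0.0.0.0 or ::.

    Loopback (127.0.0.1, ::1) and specific interface addresses return False.
    """
    addr = addr.strip("[]")
    if addr == "*":
        return True
    try:
        return ipaddress.ip_address(addr).is_unspecified
    except ValueError:
        return False  # hostnames or garbage: cannot prove it is a wildcard


def parse_ss(output: str) -> list[Listener]:
    """Parse LISTEN rows of `ss -ltnp` output into Listener records."""
    listeners = []
    for line in output.splitlines():
        if not line.startswith("LISTEN"):
            continue
        fields = line.split()
        # Column 4 is Local Address:Port; split on the last ':' so that
        # bracketed IPv6 addresses like [::]:3000 are handled correctly.
        addr, _, port = fields[3].rpartition(":")
        m = _PROC_RE.search(line)
        proc, pid = (m.group(1), int(m.group(2))) if m else ("?", 0)
        listeners.append(Listener(addr.strip("[]"), int(port), proc, pid))
    return listeners


def exposed_listeners(output: str) -> list[Listener]:
    """Return only the listeners reachable from other hosts (wildcard binds)."""
    return [l for l in parse_ss(output) if is_wildcard_bind(l.addr)]


def main() -> None:
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SS
    exposed = exposed_listeners(data)
    if not exposed:
        print("no wildcard-bound listeners")
        return
    for l in exposed:
        print(f"EXPOSED {l.process}[{l.pid}] listening on {l.addr}:{l.port}")


if __name__ == "__main__":
    main()
```

On the sample, the loopback-only rows (127.0.0.1:8080 and [::1]:5000) are skipped and the three wildcard rows are reported. A server that only needs to talk to a local MCP client should show up on a loopback address here; if it appears as `0.0.0.0` or `::`, rebind it or firewall the port before relying on it.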

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The skill is described as a pure local JSON validator with no API calls, yet it exposes an http_server input. That unnecessarily expands the attack surface: a capability that should only need stdin can now receive remote or inter-process requests, which increases the risk of unintended access, of untrusted requests reaching the runtime, and of abuse of any downstream parsing logic.

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding
The manifest claims the skill runs locally without API calls, but it also enables an HTTP server, which gives reviewers and operators a misleading picture of the trust boundary. The discrepancy can lead to the skill being deployed with fewer safeguards than appropriate, because users may assume there is no network-exposed surface when there is one.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal