Expanso tls-inspect

Security checks across malware telemetry and agentic risk

Overview

This TLS inspection skill should be reviewed before use because it can give fabricated or misleading certificate results and its CLI path may allow command execution through crafted host input.

Install only if you are comfortable reviewing and constraining it first. Do not feed untrusted hostnames to the CLI pipeline, do not rely on the valid field for certificate assurance, and avoid MCP mode for real security decisions unless it is changed to perform actual TLS validation and bind only where intended.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The pipeline advertises TLS inspection but never connects to or validates a real TLS endpoint; it deterministically fabricates certificate fields from user input and marks the result as valid. This can mislead downstream systems or operators into trusting nonexistent certificate checks, creating a security integrity issue if the skill is used for compliance, validation, or decision-making.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal