Sanfrancisco Today Festivalevents Agent

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it fetches San Francisco event listings from SF Funcheap and can store them locally for search.

Install in a virtual environment, expect live requests to sf.funcheap.com when listing or ingesting events, and expect a local ./rag_db directory when using ingestion/search. Check that scraping the site is acceptable for your use case and delete ./rag_db if you no longer want the saved event index.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to run a Python script that performs live scraping of SF event data, which requires network access, yet the manifest declares no required permissions. This creates a permissions transparency gap: users and hosting platforms may assume the skill is local-only when it actually reaches external sites, increasing the risk of unexpected outbound connections, data exfiltration pathways, or policy bypass.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The skill makes a live outbound HTTP request to a third-party website without any user-facing disclosure or consent flow. While the request only appears to send standard request metadata such as IP address and User-Agent, this still creates an external data exposure and network interaction that users may not expect from a local event-harvesting skill.

VirusTotal

67/67 vendors flagged this skill as clean.
