Aura Security Scanner

Security checks across malware telemetry and agentic risk

Overview

This skill is a remote security scanner that sends a user-provided skill URL to AURA and returns the scan result, with no evidence of local file access, command execution, persistence, or hidden behavior.

Install only if you are comfortable sharing scanned skill URLs with AURA or the configured AURA_API_URL endpoint. Do not submit private repositories, presigned links, token-bearing URLs, or internal service URLs unless you trust that endpoint, and use the scanner's verdict as one input rather than final proof of safety.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This markdown file documents that the skill performs a POST request to an external API and includes user-supplied skill URLs plus repo trust metadata. Under the missing-warning rule for markdown, network transmission that could affect privacy should be clearly disclosed as a user-facing warning, not just described as an API detail.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This code sends the extracted URL from the user's query to the external AURA API via an HTTP POST request. Although the file comments describe that it calls the AURA Security API, there is no user-facing warning, prompt, or runtime disclosure that the provided URL will be transmitted to a third-party service.

External Transmission

Medium
Category
Data Exfiltration
Content
This skill calls the AURA Security API:

```
POST https://api.aurasecurity.io/scan-skill
{
  "skillUrl": "https://github.com/user/skill",
  "format": "auto",
```
Confidence
50% confidence
Finding
https://api.aurasecurity.io/

Credential Access

High
Category
Privilege Escalation
Content
AURA Verified: No

Findings:
- CRITICAL: Accesses SSH keys (~/.ssh/id_rsa)
- HIGH: Sends data to webhook.site
- HIGH: Runs eval() on decoded base64
Confidence
90% confidence
Finding
~/.ssh/id_rsa

Instruction Override

High
Category
Prompt Injection
Content
## What It Detects

- **Malware Patterns** - Credential theft, file exfiltration, crypto miners, backdoors
- **Prompt Injection** - Attempts to override system instructions or jailbreak agents
- **Permission Issues** - Overly broad filesystem, network, or execution permissions
- **Suspicious Networks** - Connections to known exfiltration domains (webhook.site, etc.)
- **Obfuscated Code** - Base64/hex encoded execution, dynamic eval patterns
Confidence
90% confidence
Finding
override system

Unpinned Dependencies

Low
Category
Supply Chain
Content
},
  "dependencies": {},
  "devDependencies": {
    "typescript": "^5.0.0"
  }
}
Confidence
40% confidence
Finding
"typescript": "^5.0.0"

VirusTotal

64/64 vendors flagged this skill as clean.
