DeepWiki Ask

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward DeepWiki repository query helper, with the main caution that repository names and questions are sent to DeepWiki.

Install only if you are comfortable sending repository names, requested topics, and questions to DeepWiki. Avoid including secrets, private code excerpts, credentials, or confidential internal details in prompts unless that data flow is approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill instructs the agent to invoke a Python script, use shell execution, read and write a temporary file, and access DeepWiki/MCP over the network, but the skill metadata declares no permissions. This creates a real capability/permission mismatch that can bypass user and platform expectations, reducing visibility and control over sensitive operations such as shelling out and network access.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill reads arbitrary question text from stdin or a local file and sends it to `https://mcp.deepwiki.com/mcp`, but the CLI does not clearly warn users that this content will leave the local environment. In agent workflows, stdin and files may contain sensitive repository data, prompts, credentials, or internal notes, so this creates a real data-exfiltration/privacy risk even if transmission is the tool's intended function.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal