AgentScout

Security checks across malware telemetry and agentic risk

Overview

AgentScout does what it advertises: it searches public GitHub agent projects, scores them with configured AI services, and saves generated social-post assets locally.

Install only if you are comfortable sending selected repository content, prompts, and image prompts to the configured LLM/image providers. Use least-privilege GitHub tokens, avoid processing private or sensitive repositories, and review generated output before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill invokes a Python pipeline that requires environment variables, network access, and writes output files, but the skill content does not clearly declare or constrain these capabilities as permissions. This creates a transparency and consent problem: a user may trigger code that accesses tokens and external services and writes data locally without an explicit security boundary or capability disclosure.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill description understates the operational scope relative to the behavior described, including ranking, persistent storage, local file generation, and likely additional automation such as screenshots and asset creation. When a skill does more than users are led to expect, it increases the risk of unsafe consent, unexpected data retention, and broader attack surface from hidden side effects.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly states that full README text, file trees, key code, and project metadata are sent to external LLM and image APIs, but it does not clearly warn users about privacy, licensing, or third-party data transfer implications. In a tool that ingests arbitrary GitHub repositories, this can cause users to transmit proprietary, sensitive, or license-restricted content to external providers without informed consent.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The skill states that output is saved to a local directory but does not clearly warn the user up front that generated content and images will be written to disk. This is primarily a transparency and safety issue that can lead to unexpected local data creation, clutter, or accidental exposure if outputs contain sensitive repository-derived material.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill analyzes repository content and uses an external OpenAI-compatible LLM API key, but it does not warn that repository data may be transmitted to third-party LLM services. This can expose proprietary, sensitive, or regulated content outside the local environment without informed user consent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This code sends both the user prompt and optional system content to a third-party LLM API endpoint via the configured OpenAI-compatible client, with no indication in this file of consent, redaction, or data-classification safeguards. In a skill that aggregates external content and generates publish-ready material, prompts may contain proprietary project data, API keys accidentally pasted by users, or unpublished drafts, so silent transmission creates a real privacy and compliance risk.

External Transmission

Medium
Category
Data Exfiltration
Content
LLM_API_KEY=sk-xxxx

# Optional - LLM configuration (defaults to OpenAI)
LLM_BASE_URL=https://api.openai.com/v1
LLM_MODEL=gpt-4o

# Optional - AI illustrations (any OpenAI-compatible image API is supported)
Confidence
88% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
# Optional - AI illustrations (any OpenAI-compatible image API is supported)
IMAGE_API_KEY=sk-xxxx
IMAGE_BASE_URL=https://api.siliconflow.cn/v1
IMAGE_MODEL=black-forest-labs/FLUX.1-schnell
Confidence
86% confidence
Finding
https://api.siliconflow.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
| Variable | Required | Default | Description |
|------|------|--------|------|
| `GITHUB_TOKEN` | Recommended | - | GitHub Personal Access Token |
| `LLM_API_KEY` | ✅ | - | LLM API key |
| `LLM_BASE_URL` | - | `https://api.openai.com/v1` | Any OpenAI-compatible endpoint |
| `LLM_MODEL` | - | `gpt-4o` | Model name |
| `IMAGE_API_KEY` | - | - | Image generation API key (AI illustrations are skipped if unset) |
| `IMAGE_BASE_URL` | - | `https://api.siliconflow.cn/v1` | Image API endpoint |
Confidence
88% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| `LLM_BASE_URL` | - | `https://api.openai.com/v1` | Any OpenAI-compatible endpoint |
| `LLM_MODEL` | - | `gpt-4o` | Model name |
| `IMAGE_API_KEY` | - | - | Image generation API key (AI illustrations are skipped if unset) |
| `IMAGE_BASE_URL` | - | `https://api.siliconflow.cn/v1` | Image API endpoint |
| `IMAGE_MODEL` | - | `FLUX.1-schnell` | Image model |
| `SCORE_WEIGHT_*` | - | See table above | Weights for the four scoring dimensions |
| `TOPK_SIZE` | - | `20` | Number of leaderboard entries kept |
Confidence
85% confidence
Finding
https://api.siliconflow.cn/
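The four External Transmission findings above and the Missing User Warnings finding about silent prompt transmission point at the same gap: nothing in the skill inspects where repository content will be sent, or what is in it, before it leaves the machine. The following Python is an added example, not code from AgentScout or from the SkillSpector report. It reads the environment variable names shown in the README excerpts, reports which hosts content will be sent to, checks them against an allowlist, masks the configured keys, and redacts credential-looking strings from a prompt before it is submitted. The `.env` sample, the allowlist, and the token patterns are assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse

# Variable names taken from the README excerpts in the findings above.
SECRET_VARS = ("GITHUB_TOKEN", "LLM_API_KEY", "IMAGE_API_KEY")
ENDPOINT_VARS = {
    "LLM_BASE_URL": "https://api.openai.com/v1",      # README default
    "IMAGE_BASE_URL": "https://api.siliconflow.cn/v1",  # README default
}

# Assumed organisational allowlist of hosts repository content may go to.
# This is an assumption for the example, not something AgentScout ships.
ALLOWED_HOSTS = {"api.openai.com"}

# Constructed sample .env, modelled on the README excerpt (not a real config).
SAMPLE_ENV = """\
GITHUB_TOKEN=ghp_exampleexampleexampleexampleexample
LLM_API_KEY=sk-xxxx
# Optional - LLM configuration (defaults to OpenAI)
LLM_BASE_URL=https://api.openai.com/v1
LLM_MODEL=gpt-4o
# Optional - AI illustrations (any OpenAI-compatible image API)
IMAGE_API_KEY=sk-xxxx
IMAGE_BASE_URL=https://api.siliconflow.cn/v1
"""


def parse_env(text):
    """Parse KEY=VALUE lines, ignoring blank lines and '#' comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def mask(secret):
    """Keep only the first and last four characters of a long secret."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "*" * (len(secret) - 8) + secret[-4:]


def audit_env(text):
    """Report outbound hosts (with allowlist verdict) and masked secrets.

    The image endpoint is only reported when IMAGE_API_KEY is set, because
    the README says AI illustrations are skipped without it.
    """
    env = parse_env(text)
    outbound = {}
    for var, default in ENDPOINT_VARS.items():
        if var == "IMAGE_BASE_URL" and not env.get("IMAGE_API_KEY"):
            continue
        parsed = urlparse(env.get(var, default))
        host = parsed.hostname or ""
        outbound[var] = {
            "host": host,
            "https": parsed.scheme == "https",
            "allowed": host in ALLOWED_HOSTS,
        }
    secrets = {v: mask(env[v]) for v in SECRET_VARS if env.get(v)}
    return {"outbound": outbound, "secrets": secrets}


# Credential shapes a user might paste into a prompt; assumed patterns for
# the example, tuned to the 'sk-' style shown in the README and GitHub PATs.
SECRET_PATTERNS = [
    re.compile(r"\bsk-[A-Za-z0-9_-]{8,}\b"),          # OpenAI-style API keys
    re.compile(r"\bghp_[A-Za-z0-9]{20,}\b"),          # GitHub classic PATs
    re.compile(r"\bgithub_pat_[A-Za-z0-9_]{20,}\b"),  # GitHub fine-grained PATs
]


def redact_secrets(prompt):
    """Replace credential-looking tokens before the prompt leaves the machine.

    Returns (redacted_text, number_of_replacements).
    """
    total = 0
    for pattern in SECRET_PATTERNS:
        prompt, n = pattern.subn("[REDACTED]", prompt)
        total += n
    return prompt, total


if __name__ == "__main__":
    report = audit_env(SAMPLE_ENV)
    for var, info in report["outbound"].items():
        verdict = "allowed" if info["allowed"] else "NOT on allowlist"
        print(f"{var}: {info['host']} ({verdict}, https={info['https']})")
    print("configured secrets:", report["secrets"])
    print(redact_secrets("Summarise this repo; my key is sk-abcdef1234567890"))
```

Run the audit before the first pipeline run and again whenever `.env` changes; an endpoint outside the allowlist, or a non-HTTPS endpoint, should block the run rather than just log. The redaction step belongs immediately before the OpenAI-compatible client call, so it also covers prompts assembled from README text and file trees, which is where pasted credentials most often travel.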

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal