BCMS Content

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed BCMS content-management CLI; it can change or delete CMS content, but that matches its stated purpose.

Install only if you intend to let an agent modify BCMS content. Use a dedicated least-privilege BCMS API key, avoid production delete permissions unless needed, keep keys out of repo configs, prefer environment variables or a secret manager, and rotate the key if an MCP URL containing mcpKey is pasted into logs, browser history, shared config, or chat.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation instructs users to pass the full MCP credential as the `mcpKey` URL query parameter. Query strings are commonly captured in browser history, IDE/client config files, proxy and CDN logs, server access logs, crash reports, and telemetry, so this pattern increases the chance of credential leakage even if the docs say not to commit the key. In this skill's context, the key is write-capable and grants broad MCP tool access, which makes accidental exposure more consequential.

VirusTotal

63/63 vendors flagged this skill as clean.
