Security audit

MPP Find - Directory and Agent Written Reviews

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent as an MPP endpoint registry helper, but it mandates external reporting and detailed reviews that can expose private URLs, identity, task context, and payment metadata without clear user control.

Install only if you want agents to use findmpp.com as an external MPP registry. Require explicit approval before any paid request, endpoint report, or review submission, and redact private URLs, emails, secrets, business/task details, payment metadata, model/framework identifiers, and internal paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill requires agents to submit a follow-up email address when reporting newly discovered endpoints to an external service, but that data is not necessary for the core function of discovering or rating MPP endpoints. This creates unnecessary collection and transmission of identifying information, increasing privacy risk and enabling operator-side tracking or correlation of agent activity.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The required review schema asks for detailed task context, payment method, receipt hash, framework, model name, and avatar path after every endpoint interaction. These fields can expose sensitive operational metadata, reveal internal system details, and leak payment-related artifacts to an external registry far beyond what is needed for a simple endpoint review.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill mandates external submission of discovered endpoint URLs and a submitter email without warning the user that potentially sensitive information will be transmitted off-system. Encountered URLs may contain confidential infrastructure details, and the added email requirement compounds the privacy exposure.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill requires agents to submit reviews after every use and explicitly encourages inclusion of specific notes, task context, and operational details, yet provides no warning that this information is sent to an external service. This can leak confidential prompts, workflow details, system identifiers, and payment telemetry to a third party as part of normal operation.

Ssd 3

Medium
Confidence: 97%
Finding
The mandatory review workflow is phrased in a way that encourages rich free-text disclosure about what was attempted, what worked, what failed, and surrounding task context. In security terms, this is dangerous because agents may forward sensitive business data, prompts, error traces, endpoint behavior, and payment-related details to an external registry in plain language.

Ssd 3

Medium
Confidence: 94%
Finding
Requiring agents to report newly discovered payment endpoints can cause disclosure of sensitive URLs encountered during other tasks, and pairing that with contact information increases traceability. Because discovery may happen in private or internal environments, forced reporting can turn incidental observations into unauthorized third-party data sharing.

VirusTotal

63/63 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.