Back to skill

Security audit

Side Peace

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it handles secrets through an unauthenticated plain-HTTP server that is exposed to the local network by default.

Review before installing. Use only the localhost URL, run it on trusted machines and networks, prefer short-lived scoped tokens, delete the generated secret file immediately after use, and avoid sending high-value credentials through the advertised network URL unless the skill is changed to use localhost-only or authenticated transport.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation describes a networked secret handoff service, but no explicit permissions are declared despite requiring network access. In an agent skill ecosystem, undeclared network capability reduces transparency and can bypass operator expectations or permission gating, which is a real security issue even if the network use is part of the intended functionality.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The documented behavior goes beyond a local secret handoff by exposing an unauthenticated HTTP secret submission endpoint on all interfaces and advertising network-reachable URLs. That creates a clear path for secrets to be intercepted, spoofed, or submitted by other machines on the same network, which is especially dangerous given the skill handles credentials.

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
The skill claims the secret never appears in stdout/logs, but it does print the exact file path where the secret is stored. While this does not disclose the secret value directly, it exposes sensitive storage location metadata that can aid a local attacker, log reader, or another process in retrieving the secret. The misleading documentation also increases the chance operators will trust the tool more than they should.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The server binds to 0.0.0.0 and advertises network-reachable URLs, making the secret intake service accessible from other hosts on the local network instead of only the local machine. In the context of a secret handoff tool, this materially increases exposure because any reachable client may submit data first, interfere with the intended workflow, or interact with the service in ways the operator may not expect.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Secrets are submitted over plain HTTP, and because the service is exposed on network interfaces, the data may traverse the LAN without transport protection. On untrusted or shared networks, an attacker with network visibility could observe or tamper with the submitted secret, which is especially risky given the tool's purpose is handling sensitive material.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.