ratgdo32 disco

Security checks across malware telemetry and agentic risk

Overview

This skill openly controls a local garage door device, but its broad trigger wording and safety-check gaps make accidental physical actions a real review concern.

Install only if you are comfortable giving an agent local physical control over your garage door. Before use, narrow the trigger to explicit garage-control requests, require confirmation for open/close and remote-lockout actions, and fix the helper so it refuses to close unless status and obstruction checks are successfully verified.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill exposes shell-based operational capability without any declared permission boundary, and those shell commands directly control a physical garage door over HTTP. In this context, undeclared shell access is dangerous because it can perform safety-critical actions and creates a gap between what the platform may expect and what the skill can actually do.

Vague Triggers

Medium
Confidence: 83%
Finding: The invocation text is broad enough to trigger on ordinary conversation about garages, cars, remotes, or status, which could cause the agent to select this skill unexpectedly. Because the skill can open/close a real garage door and disable remotes, overbroad matching materially increases the risk of unintended physical actions.

VirusTotal

64/64 vendors flagged this skill as clean.