Back to skill

Security audit

NoahAI drug pipeline

Security checks across malware telemetry and agentic risk

Overview

The skill appears to support a legitimate pharmaceutical research workflow, but it needs review because it can use an API token and send broad queries or parameter files to an external service without clear permission scoping.

Review before installing. Use it only if you intend to send pharmaceutical or company research queries to the NOAH-backed service, set NOAH_API_TOKEN deliberately, and avoid passing confidential prompts or local parameter files unless you trust the provider and understand the data flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no explicit permissions, yet its documented behavior requires environment access for NOAH_API_TOKEN, network access to query the API, and file I/O via the optional --params-file and local script execution flow. This mismatch weakens platform trust boundaries and reviewability because users and policy engines may not be accurately informed about the skill's effective capabilities.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The trigger description is broad enough to activate on many ordinary biomedical or company-related queries, which can cause unintended skill invocation and unnecessary transmission of user prompts to an external API-backed workflow. In this context the data appears domain-specific rather than highly privileged, but over-triggering still increases privacy exposure and operational risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.