skill-navigator

Security checks across malware telemetry and agentic risk

Overview

This skill transparently scans installed skill metadata to build a dashboard and does not show hidden network, credential, persistence, or destructive behavior.

Install only if you are comfortable with a local script reading the SKILL.md metadata for every installed skill and printing that inventory. Avoid putting secrets in skill frontmatter, review the generated dashboard before sharing it, and treat the contextual skill matches as suggestions requiring user confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding
The skill instructs execution of a script that scans `/home/ubuntu/skills/` and reads other skills' `SKILL.md` files, but it does not declare any corresponding permissions. Undeclared filesystem access weakens transparency and consent controls, and in this context it enables bulk enumeration of installed skills and metadata that may reveal local environment details or sensitive prompt content embedded in skill files.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 92%
Finding
The skill is described as a visual, interactive dashboard, but the documented behavior primarily performs local filesystem scanning, metadata extraction, heuristic classification, and JSON generation. This mismatch is security-relevant because users may authorize or trust the skill based on a benign UI-oriented description without realizing it inventories installed skills and processes local files.

Vague Triggers

Medium
Confidence: 90%
Finding
The template defines very broad keyword-to-skill associations such as '数据/报表', '设计/视频', and '代码/API' that could trigger skills based on common user terms rather than explicit consent. In a dashboard intended to visualize installed skills, this can lead to unintended skill activation, surprising behavior, and possible overexposure of powerful skills when users are only discussing a topic rather than requesting tool use.

VirusTotal

64/64 vendors flagged this skill as clean.
