Bytesagain Mcp

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed BytesAgain MCP setup and search helper that only runs user-invoked network checks/searches against bytesagain.com and does not modify local files itself.

Install only if you are comfortable with your agent or terminal contacting bytesagain.com for MCP tool discovery and skill search. Review the setup command before registering the remote MCP endpoint in OpenClaw or Claude.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding:
The skill advertises no declared permissions while clearly instructing use of shell commands and outbound network access to third-party endpoints. This weakens the trust model for agents and users, because a supposedly harmless documentation-style skill can still trigger execution paths that contact remote services and process untrusted responses.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding:
The documented purpose says the skill only shows setup commands and does not modify files, but the described behavior goes beyond that by performing live network tests, querying remote APIs, parsing remote JSON, and supporting additional search flows. This mismatch can mislead operators into granting execution to a skill under false assumptions, increasing the chance of unintended data flow to an external service or unexpected remote interaction.

VirusTotal

66/66 vendors flagged this skill as clean.
