Generate

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local test-data generator, with the main caveat that it keeps a local history file and can write CSV output to a user-chosen path.

Install only if you are comfortable with a local history file at ~/.generate/data.jsonl. Avoid using the password command for real credentials, and be careful with csv --output because it can overwrite files at paths you provide.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill exposes shell execution, environment access, and file-write behavior but does not declare those capabilities up front. That creates a transparency and trust problem: a caller may invoke what appears to be a simple data generator without realizing it can persist data locally and write files, which increases the risk of unintended side effects and misuse.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior materially exceeds the stated purpose by persisting generation history, writing arbitrary output files, and supporting password generation and additional PII-like mock fields such as names, emails, and addresses. Description-behavior mismatch is dangerous because users and orchestrators may grant trust or route data based on the manifest text while the skill performs broader actions than advertised.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
Persistent local storage of generated data history is omitted from the high-level description, which can mislead users into assuming the tool is stateless. Even if the data is 'test' data, stored history may include schemas, prompts, generated credentials, or sensitive-looking records that should not be retained by default.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
Password generation is a security-relevant capability that is not reflected in the manifest description. Users may treat the skill as harmless mock-data generation, but generating passwords can encourage use in real credential workflows and may cause sensitive outputs to be logged or persisted unexpectedly.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Password generation is not clearly aligned with the stated mock/test-data purpose, making the capability higher risk in context. In this skill, the danger is amplified by the documented data-history logging, which could persist generated passwords to disk and turn a convenience feature into accidental secret storage.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script creates and appends to a hidden persistent file in the user's home directory for every command, even though the skill is described as a data generator rather than a telemetry or history tool. Hidden persistence without clear disclosure violates least surprise and can leak command usage patterns, schemas, output destinations, and other metadata across sessions.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The csv command accepts a user-supplied --output path and writes directly to it, enabling arbitrary file creation or overwrite in any location the executing user can access. In an agent skill context, this exceeds simple test-data generation and can be abused to modify shell profiles, application configs, or project files, causing persistence or workflow tampering.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill does not prominently warn that generation history is written to disk, so users may inadvertently create a durable record of outputs they expected to be ephemeral. This is especially risky for generated passwords, sample identities, or proprietary schemas used in testing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script silently writes usage records to ~/.generate/data.jsonl without clear up-front notice in the skill description or help text. Even if the content is only metadata, undisclosed hidden logging creates privacy and trust risks and may expose sensitive generation parameters such as schemas, counts, ranges, and filenames.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The csv feature can write generated content to an arbitrary path, but this side effect is not clearly warned about in the help text or skill description. Undisclosed filesystem write behavior is risky in an agent environment because a caller may expect harmless stdout output while the skill modifies files on disk.

Session Persistence

Medium
Category
Rogue Agent
Content
- Python 3.8+
- `bash` shell
- Write access to `~/.generate/`

## Data Storage
Confidence
89% confidence
Finding
Write access to `~/.generate/`

## Data Storage
Generated data history is stored in JSONL format at `~/.generate/data.jsonl`. Each generation event is logged for reproducibility and batch export.

VirusTotal

65/65 vendors flagged this skill as clean.
