Password

Security checks across malware telemetry and agentic risk

Overview

This password utility is purpose-aligned and not malicious, but users should treat live passwords carefully because some features take passwords as command-line input and one optional breach check contacts Have I Been Pwned with a SHA-1 prefix.

Install only if you are comfortable with a shell-based password helper. Prefer generated passwords over testing live reusable passwords, avoid putting production secrets into command-line arguments, and use the breach-check feature only if you accept sending a password-derived SHA-1 prefix to Have I Been Pwned.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill advertises shell-backed commands in SKILL.md but declares no permissions, which creates a transparency and governance gap around what the skill can execute. For a password-related skill, hidden or undeclared execution capability is more sensitive because users may provide secrets, and shell tooling can process, log, or exfiltrate them if later implemented unsafely.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 94% confidence
Finding: The documented purpose and the detected behavior do not align: the skill claims storage, rotation, and breach checking, but the visible command list omits some of those while analysis indicates additional capabilities including network access. In a password tool, behavior drift and undeclared network use are especially dangerous because users may assume local-only handling of highly sensitive secrets when the skill may send data externally or fail to provide expected safeguards.

Vague Triggers

Low

Confidence: 76% confidence
Finding: The invocation text is broad enough that the skill could trigger during ordinary password discussions, increasing the chance that users paste real passwords or secrets into the tool unintentionally. In this context, overbroad activation matters more because the skill concerns credentials, one of the most sensitive data types an agent can handle.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill handles password material but provides no user-facing warning about sensitive-input risks, such as logging, storage, clipboard exposure, or remote breach-check transmission. Missing safety messaging increases the likelihood that users will submit live credentials under unsafe assumptions, especially in an agent environment where backend handling may not be obvious.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal