Back to skill

Security audit

Dcs

Security checks across malware telemetry and agentic risk

Overview

This skill is labeled as an industrial distributed-control manager, but it only implements a local note/config store under ~/.dcs.

Install only if you want a simple local record/config tracker, not a real distributed-control-system manager. Do not store secrets, credentials, or sensitive operational data in it, and review the files it creates under ~/.dcs and any dcs-export files before sharing or backing them up.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill presents itself as a distributed control system manager, but the documented behavior is a generic local record manager that stores arbitrary entries in ~/.dcs/ and exports them to files. This kind of capability mismatch can mislead users and higher-level agents into granting trust, permissions, or operational use under false assumptions, increasing the risk of inappropriate data handling and unsafe deployment.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest advertises an industrial/distributed control system management skill, but the commands only describe local CRUD-style record handling in JSONL files. In an agent ecosystem, this semantic deception can cause incorrect tool selection, over-trust, and misuse in sensitive industrial contexts where users expect domain-specific controls and safeguards.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The user-facing documentation reinforces a misleading industrial-control framing while the operational model is just a simple local data-entry tracker. This increases the chance that users will entrust operational or sensitive data to a tool lacking domain-specific validation, access control, safety checks, or audit expectations typical for DCS environments.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The documentation states that data is stored persistently under ~/.dcs/ and can be exported, but it does not prominently warn that user-provided data will be written to disk and may be overwritten or exposed through exports. This can lead to accidental persistence of sensitive information and unsafe assumptions about data ephemerality.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Configuration values are stored in plaintext under the user's home directory without any warning, validation, or secret-handling safeguards. If users place credentials, tokens, endpoints, or operational settings there, other local users, backups, or malware with user-level access may read sensitive data, and the misleading 'distributed control system' framing could make users more likely to store important infrastructure-related values.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.