Security audit

leetcode-plan

Security checks across malware telemetry and agentic risk

Overview

This is a coherent LeetCode study helper that locally keeps a mistake notebook, with no evidence of hidden network access, credential use, or destructive behavior.

Install if you are comfortable with the skill creating or updating errorset.md in whatever folder the agent is running from. Use it from the directory where you want the notebook stored, avoid putting sensitive personal information in mistake explanations, and ensure command arguments are handled safely when recording entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill instructs reading `references/plan.md` and writing `errorset.md`, but declares no permissions or capability boundaries. This creates a transparency and governance gap: a host or reviewer may treat the skill as non-invasive while it can access and modify local files in the user's workspace. In this context, the file operations are related to the stated study-plan function, so the issue is not overtly malicious, but it still weakens user consent and platform enforcement.

Missing User Warnings

Medium
Confidence: 95%
Finding: The skill writes `errorset.md` to the user's current working directory without an explicit warning or consent step. Writing into an ambient workspace can overwrite or create files in sensitive project directories, leak study data into repos, or produce unintended side effects in whatever directory the agent happens to be running from. The context makes this more dangerous because the destination is not fixed or sandboxed.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.