Back to skill

Security audit

GEO Optimization

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly GEO guidance with optional Perplexity-based monitoring scripts; the risky parts are visible and purpose-aligned, though some configuration is sloppy.

Install only if you want GEO guidance or Perplexity-based visibility monitoring. Before running scripts or adding cron, replace the Gameye-specific queries/domains and the hardcoded workspace path, use a scoped Perplexity API key, and avoid confidential prompts because queries and responses are sent to Perplexity and stored locally in geo-history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation advertises executable monitoring scripts, cron jobs, .env-based secret loading, local file generation, and external API use while declaring no permissions. This creates a trust and consent gap: an agent or reviewer may treat the skill as low-risk content guidance, but it actually implies shell, filesystem, environment, and network capabilities that can access secrets, write artifacts, and call third-party services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill claims broad GEO optimization for multiple AI platforms, but the described behavior includes active monitoring, historical data storage, Telegram-ready reporting, .env secret loading, and external Perplexity API requests. This mismatch is dangerous because users may invoke it expecting content advice while it performs operational actions and outbound data flows not clearly disclosed, increasing the chance of unintended secret exposure, unauthorized network activity, or persistence via scheduled tasks/files.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script writes query text, model responses, citations, and analysis results to local history files without clear disclosure, consent, retention limits, or redaction. If users submit sensitive prompts or if responses contain proprietary data, the script silently creates a durable local data trail that may later be exposed through backups, shared workstations, or source-control mistakes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.