Solar Weather Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward solar-weather checker that runs a local Python script and fetches public NOAA space-weather data.

Install only if you are comfortable running the included Python script and allowing it to contact NOAA's public SWPC service. No credentials are needed, and the reviewed artifacts do not show persistence, file modification, or private-data collection.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill documentation indicates network-dependent functionality using NOAA real-time data, but no corresponding permissions are declared. Undeclared network access weakens the platform's trust and review model because users and orchestrators cannot accurately assess what external communication the skill performs. In this context the destination appears legitimate and low-risk, but the permission mismatch is still a real security issue.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal