Security audit

Texas Electricity Savings Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill’s electricity-shopping workflow is coherent, but it embeds a live bearer token and sends household address data to an under-disclosed third-party API.

Review this skill before installing. Its core function is legitimate for Texas electricity plan comparison, but it should remove or rotate the embedded bearer token and clearly disclose that address and utility data are sent to PowerLego/Personalized Energy services for lookup and plan retrieval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill explicitly instructs the agent to invoke local scripts that perform address lookup, plan retrieval, and URL generation, which implies external network access despite no declared permission for it. Undeclared network capability is dangerous because it hides data flows and expands the attack surface for exfiltration of user-provided address and utility data to third-party services without transparent permissioning.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
A description-behavior mismatch is a real security issue here because the skill appears to perform undisclosed live calls to external PowerLego and Personalized Energy services and reportedly includes a hardcoded bearer token, none of which are disclosed in the public description. Hidden credentials and undisclosed external integrations can lead to unauthorized API use, secret leakage, and users or operators making trust decisions based on incomplete or misleading information.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The file contains a hard-coded bearer token that can be reused by anyone with access to the code to make authenticated requests to the PowerLego API. In a distributable agent skill, this exposes live credentials outside of a controlled backend boundary and can enable unauthorized API use, quota exhaustion, data access, or account abuse beyond the intended Texas electricity workflow.

Natural-Language Policy Violations

Severity: Medium
Confidence: 96%
Finding
The default prompt hard-codes the agent to be a single English-speaking advisor, which overrides user language preference and can exclude or mis-serve users who need another language. In a utility-shopping workflow, this can lead to misunderstanding of addresses, plan details, pricing, or enrollment steps, creating fairness, accessibility, and consumer-protection risk.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
This script sends full residential address details to external lookup functions (`usage_estimator`, `get_utility`, `get_plan`, and URL construction) without any visible consent, notice, minimization, or privacy guardrails in this file. Because the skill is specifically designed for Texas residential electricity shopping, the transmitted data is sensitive household location and utility-context information, making silent network disclosure a real privacy and compliance risk even if it is part of expected functionality.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The code sends user-supplied address and electricity usage data to external services without any built-in consent, notice, or minimization controls. While disclosure logic may exist elsewhere, this module is designed for workflow automation around residential electricity shopping, so silent transmission of sensitive household data increases privacy risk and can lead to unexpected third-party sharing.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The module uses a bearer token to access an external API without any indication to users or integrators that authenticated third-party requests are being made on their behalf. In the context of an agent skill handling residential shopping flows, hidden credentialed API usage reduces transparency and can mask trust, billing, and data-sharing implications.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.