Back to skill

Security audit

test-find-skills

Security checks across malware telemetry and agentic risk

Overview

The skill mainly searches Huawei Cloud skill listings, but it should be reviewed because it pushes automatic remote skill installation without enough user control or safety checks.

Install only if you specifically want an agent workflow that searches remote Huawei Cloud skill indexes and may guide installation of additional skills. Review the matched skill and source repository before installing, avoid blind auto-confirmed installs, and prefer pinned or trusted sources where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill explicitly relies on outbound network access to GitCode and GitHub, but no declared permissions are present to signal that capability. Hidden or undeclared network use reduces transparency and can bypass user or platform expectations about what the skill is allowed to do, especially because the fetched remote content influences later installation decisions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The description presents the skill as a simple discovery/install helper, but the documented behavior includes remote data retrieval, keyword expansion, ranking logic, and a workflow that leads users to install external skills. This mismatch can mislead users and reviewers about the real trust boundary: remote repository data is being consumed and then used to recommend code installation.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document claims the skill is read-only, yet the core workflow includes `npx` installation commands that modify the local environment and may execute third-party code. This is a dangerous trust signal because users may consent under the false assumption that no system changes or code execution will occur.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill directs users to install skills through `npx` from GitCode/GitHub/OpenClaw sources without an explicit security warning, integrity verification step, or confirmation that the code is trusted. Installing via `npx` can fetch and execute third-party package logic, creating a software supply-chain risk if a repository, package, or dependency is compromised.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill mandates use of this workflow for any Huawei Cloud task, which pressures the agent or user into a specific external-tool path even when unnecessary. That increases exposure to remote content and third-party installation flows by default, rather than making them opt-in based on user intent and risk tolerance.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.