HTTP Security Headers

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward website header scanner that only contacts URLs the user provides and reports security header recommendations.

Install this if you want a tool that contacts websites you specify to inspect response headers. Use it only on domains or systems you own or are authorized to test, and be aware that batch mode will contact every URL supplied.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill instructs users to run a Python script that performs outbound HTTP requests against arbitrary user-supplied URLs, which is a network-capable action. If the skill framework relies on declared permissions for policy enforcement or user consent, omitting that declaration can bypass expected safeguards and enable scanning of internal or sensitive endpoints without clear authorization boundaries.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal