Security audit

Nginx Config Linter

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local nginx configuration linter that only reads user-specified config files and reports findings.

Install only if you are comfortable running a local tool that reads the nginx config file or directory you point it at. Be careful with `--recursive` on broad directories, because nginx configs can contain sensitive paths or operational details, and `--strict` may fail CI when warnings are found.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 78% confidence
Finding: The skill documentation instructs the agent to read arbitrary nginx configuration files and recursively scan directories, which clearly requires file-read capability, yet no permissions are declared. This creates a transparency and policy-enforcement gap: an orchestrator or reviewer may treat the skill as lower risk than it actually is, and the recursive audit behavior can expand access beyond a single intended file. The mentioned network capability is not evidenced strongly in this file, but undeclared file access alone is a valid concern.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.