
Security audit

Site Health Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a website health-checking skill whose network checks and optional local monitoring history fit its stated purpose, with some transparency and consent caveats.

Install only if you want an agent to run local shell-based website checks and make network requests to domains you provide. Use recurring monitoring only for sites you control or are authorized to test, and review the local config/history paths if the monitored domains or outage history are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to execute shell scripts (`scripts/check_site.sh` and `scripts/check_ssl.sh`) but declares no corresponding permission for that execution. Undeclared execution capability weakens both user consent and platform enforcement: a skill can perform network-active or file-touching operations that the user never saw disclosed, and the platform has no declared permission to gate them against.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases are broad enough to match common website-help requests, which can cause the skill to activate in situations where the user did not clearly intend ongoing monitoring or shell-backed checks. Over-broad invocation increases the chance of unexpected network access, script execution, and follow-on actions beyond the user's immediate expectation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill directs persistent writes to configuration and history files in the user's home/workspace without a clear warning or explicit consent flow. Undisclosed local storage can expose sensitive infrastructure details such as monitored domains, thresholds, and historical outages, and it may surprise users who expected a stateless check.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The cron guidance encourages recurring execution without warning that it will generate ongoing network traffic and persist monitoring history. This can lead to unbounded background activity, surprise resource consumption, and long-lived storage of site-monitoring data if the user enables scheduling without understanding the consequences.
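The four findings above are all pattern matches over the skill's instruction text: script references with no matching declaration, home-directory paths with no warning, scheduling guidance with no warning, and a trigger line built from generic web words. The following is an added example of how a practitioner could reproduce that triage locally before installing a skill. It is not SkillSpector's own logic and not code from the Site Health Monitor skill; the Markdown skill text, the capability names `shell_exec`, `local_storage` and `scheduling`, and the regex signatures are all assumptions made for the example.

```python
"""Static triage of an agent skill's instruction text for the four pattern
classes used in this report. Added example: not SkillSpector's code and not
the Site Health Monitor skill's code. Assumes a Markdown instruction file
(constructed below) and a caller-supplied set of declared capabilities with
made-up names; real skill manifests use their own schema."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Heuristic signatures (assumptions about how skill instructions are written).
SCRIPT_REF = re.compile(r"scripts/[\w.-]+\.(?:sh|py)\b")
PERSIST_PATH = re.compile(r"(?:~|\$HOME|\$\{HOME\})/[\w./-]*\w")
CRON_HINT = re.compile(r"\bcron(?:tab|job)?\b|\*/\d+ \* \* \* \*|\bsystemd timer\b", re.I)
WARNING_HINT = re.compile(
    r"\b(consent|warn(?:ing|s)?|authori[sz]ed|only (?:for|on) sites you|"
    r"will (?:store|write|run)|stored (?:at|in|under))\b", re.I)
TRIGGER_LINE = re.compile(r"^(?:use this skill|triggers?:|activate)\b.*$", re.I | re.M)
GENERIC_TRIGGER_WORDS = {"website", "site", "page", "url", "domain", "web"}


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


def triage(skill_md: str, declared: set[str]) -> list[Finding]:
    """Return one Finding per pattern class whose evidence appears in skill_md
    and is not covered by a declared capability or a user-facing warning."""
    findings: list[Finding] = []
    has_warning = WARNING_HINT.search(skill_md) is not None

    # Finding 1: shell scripts are invoked but no execution capability declared.
    scripts = sorted(set(SCRIPT_REF.findall(skill_md)))
    if scripts and "shell_exec" not in declared:
        findings.append(Finding("MCP Least Privilege",
            "runs " + ", ".join(scripts) + " but does not declare shell_exec"))

    # Finding 3: persistent writes under the home directory, declared and warned?
    paths = sorted(set(PERSIST_PATH.findall(skill_md)))
    if paths and "local_storage" not in declared:
        findings.append(Finding("MCP Least Privilege",
            "writes " + ", ".join(paths) + " but does not declare local_storage"))
    if paths and not has_warning:
        findings.append(Finding("Missing User Warnings",
            "persists state to " + ", ".join(paths) + " without a warning or consent step"))

    # Finding 4: scheduled re-runs recommended with no warning about the consequences.
    if CRON_HINT.search(skill_md) and not has_warning:
        findings.append(Finding("Missing User Warnings",
            "recommends scheduled re-runs without warning about ongoing traffic and history"))

    # Finding 2: trigger line built from generic web vocabulary (heuristic).
    for m in TRIGGER_LINE.finditer(skill_md):
        words = set(re.findall(r"[a-z]+", m.group(0).lower()))
        generic = sorted(words & GENERIC_TRIGGER_WORDS)
        if generic:
            findings.append(Finding("Trigger Abuse",
                "trigger line matches generic terms: " + ", ".join(generic)))
            break
    return findings


# Constructed sample resembling the patterns the report describes (not the real skill file).
SAMPLE_SKILL_MD = """\
# Site Health Monitor

Use this skill when the user asks about a website, uptime, SSL, or "is my site down".

## Quick check
Run `scripts/check_site.sh <domain>` and then `scripts/check_ssl.sh <domain>`.

## Recurring monitoring
Save the domains to ~/.site-monitor/config.json and append results to
~/.site-monitor/history.log. Add a crontab entry such as `*/15 * * * *` to re-run.
"""

# Constructed hardened variant: narrow trigger, explicit warning, opt-in history.
HARDENED_SKILL_MD = """\
# Site Health Monitor

Use this skill only when the user explicitly asks to check uptime or TLS expiry
for a domain they name.

Run `scripts/check_site.sh <domain>`. Warning: this makes outbound HTTP requests.
Only monitor sites you control or are authorized to test. With --history the
results are stored in ~/.site-monitor/history.log; tell the user before enabling
a cron schedule because it runs unattended.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_SKILL_MD, set()):
        print(f"[{f.category}] {f.detail}")
```

With no declared capabilities the sample text yields five findings, including two in the MCP Least Privilege class (script execution and local writes); declaring `shell_exec` and `local_storage` removes those two but leaves the warning and trigger findings, which is the point of the report: a permission declaration is not a substitute for telling the user what the skill will do. The hardened variant, with declarations and an explicit warning, yields none.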

VirusTotal

66/66 engines reported no detections for this skill. A clean VirusTotal result means no engine matched the packaged files against known malware signatures; it does not assess the behavioural issues listed in the findings above (undeclared script execution, persistent local writes, recurring network activity), which are design properties of the skill rather than malware.