Back to skill

Security audit

Analysis Data

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its ChartGen purpose, but one helper path can fetch result files from arbitrary HTTPS URLs despite the stated chartgen.ai-only network boundary.

Install only if you are comfortable sending confirmed prompts and selected spreadsheet files to ChartGen under your API key. Review the confirmation and file list before approving. Because result downloads are not restricted to chartgen.ai-hosted URLs, use extra caution on sensitive or locked-down networks until the helper adds host allowlisting and download limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill explicitly performs network access to https://chartgen.ai and uses an environment variable/API key, but the metadata does not declare corresponding permissions. This creates a permission-model mismatch that can hide outbound data transfer and secret usage from reviewers or policy enforcement, especially since the workflow sends confirmed prompts and selected files to a third party.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The tool follows and downloads arbitrary HTTPS URLs supplied by the remote ChartGen service, including redirects, and writes the response to a local file without host allowlisting, size limits, or content validation. If the service is compromised or returns attacker-controlled URLs, this enables SSRF-like outbound access from the client environment and can be abused to fetch unexpected internal or sensitive network resources reachable by the host.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.