Security audit

local-skill-manager

Security checks across malware telemetry and agentic risk

Overview

This appears to be a skill-management helper with some clarity and dependency hygiene issues, but no evidence of hidden or malicious behavior.

Install only if you want an agent to help manage skills. Before using create or delete operations, confirm the exact target skill and keep backups or version control. Prefer pinning dependencies and reviewing the skill's instructions for confirmation prompts around destructive actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (20)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 70%
Finding: Without declared permissions the skill's intent is opaque and cannot be validated.

Tp2

Severity: High
Category: MCP Tool Poisoning
Confidence: 85%
Finding: Mixing characters from multiple Unicode scripts in a single identifier is a common technique to create visually ambiguous tool names.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%
Finding: The manifest description and many trigger examples are written in Chinese, and the file does not state that the skill is region-specific or that users may interact in other languages. This creates a natural-language policy concern because it appears to impose a language/locale expectation without user opt-in or justification.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: pyyaml
Confidence: 60%
Finding: pyyaml

Known Vulnerable Dependency

Severity: Critical
Category: Supply Chain
Confidence: 90%
Finding: pyyaml, 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Shadow Command Trigger

Severity: Medium
Category: Trigger Abuse
Confidence: 70%
Finding: Shadow Command Trigger: 'list skills' conflicts with built-in command 'list'

Shadow Command Trigger

Severity: Medium
Category: Trigger Abuse
Confidence: 70%
Finding: Shadow Command Trigger: 'create skill' conflicts with built-in command 'create'

Shadow Command Trigger

Severity: Medium
Category: Trigger Abuse
Confidence: 70%
Finding: Shadow Command Trigger: 'delete skill' conflicts with built-in command 'delete'

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.