Angus Bounty Hunter

Security checks across malware telemetry and agentic risk

Overview

This smart-contract scanner mostly matches its purpose, but it can install and run code from untrusted target repositories on the user's machine.

Install only if you will run it in an isolated container or VM with no host secrets. Review or remove the npm/pip install steps before scanning untrusted repositories, treat local Ollama prompts as shared with that local service, and do not fetch the missing poc-template.sh from an untrusted source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill explicitly instructs users to run shell scripts that clone repositories and execute local tooling, but it declares no permissions. This creates a trust and transparency gap: users may invoke shell-capable behavior without clear disclosure, increasing the risk of unexpected command execution, dependency installation, and interaction with untrusted repositories.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 96%
Finding:
The described workflow goes beyond the stated scope by cloning arbitrary repositories, installing dependencies from target codebases, and contacting a local Ollama service, all of which expand the attack surface. In this context, scanning untrusted bug bounty targets is especially dangerous because hostile repositories can abuse build/install steps or local service access to execute code, exfiltrate data, or mislead analysis.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The script automatically sends extracted finding descriptions to a locally running LLM service without any explicit user consent, warning, or opt-in flag. Even though the destination is localhost, this still transmits potentially sensitive audit data to another process and model runtime, which may log prompts or expose them through that service's configuration.

VirusTotal

42/42 vendors flagged this skill as clean.
