Back to skill

Security audit

Tmp.LE39RYfMoz

Security checks across malware telemetry and agentic risk

Overview

This Untappd skill is transparent about what it does, but it asks users to use account passwords and intercepted mobile-app credentials to access private APIs and post publicly.

Install only if you are comfortable giving the agent environment access to your Untappd username, password, and private mobile-app client credentials, and with using an unsupported private API. Review every confirm-gated write action carefully because check-ins, toasts, and comments affect your public Untappd account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill explicitly tells users to obtain Untappd mobile app client credentials by intercepting the app's traffic, which encourages reverse-engineering and extraction of secrets not intended for end users. That exposes users to policy/legal risk and normalizes misuse of third-party credentials to access private or unsupported APIs, making the skill materially more dangerous than a standard beer-search integration.

Credential Access

High
Category
Privilege Escalation
Content
# Untappd MCP

Talks to Untappd's mobile (v4) API using your own account. Logs in via the app's
`xauth` endpoint (username + password → access token) and calls the same
endpoints the iPad app uses.

## Setup
Confidence
95% confidence
Finding
access token

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.