Back to skill

Security audit

Boggle Solver

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Boggle-solving skill whose main risk is a disclosed first-run download of dictionary text files from GitHub.

Install if you are comfortable with the skill downloading large dictionary files from GitHub on first use and caching them locally. For offline or high-integrity use, review or preinstall the dictionaries and consider verifying their hashes before running the solver.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill declares no permissions, but its documented behavior includes file reads and automatic network access to download dictionaries from GitHub on first run. This creates a capability/permission mismatch that can bypass user or platform expectations, and network retrieval of executable inputs or data introduces supply-chain and integrity risks if the source is tampered with or unavailable.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill is described as a local Boggle solver, but it will fetch missing dictionaries from GitHub at runtime. This creates an undeclared supply-chain and network dependency: remote content can change, downloads may fail or be intercepted, and users may unknowingly execute code in an environment that permits outbound access contrary to expectations.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Outbound network access is not necessary for the core function of solving a Boggle board once dictionaries are expected locally, so this expands the attack surface beyond the stated purpose. In restricted or sandboxed agent environments, unexpected egress can leak metadata, bypass assumptions about offline execution, and introduce reliability and supply-chain risks through remote dependency fetching.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.