Back to skill

Security audit

Shared Memory between Lobsters

Security checks across malware telemetry and agentic risk

Overview

This skill is built for Ensue shared-memory management, but it can reuse local Ensue credentials and make lasting access-control changes without built-in confirmation.

Install only if you want this agent to administer Ensue shared-memory access. Prefer setting ENSUE_API_KEY explicitly for this skill, avoid troubleshooting steps that print the raw key, and require a clear manual review before deletes, revokes, org-wide grants, broad namespace patterns, or write/delete permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly instructs the agent to invoke a shell script (`shared-memory.sh`) and depends on an API key, but it does not declare permissions corresponding to that shell capability. This creates a transparency and policy-enforcement gap: a reviewer or runtime may underestimate the skill's ability to execute commands that create users, modify groups, and change access controls on shared memory resources.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script searches multiple unrelated local plugin and config paths for an Ensue API key, then uses whatever it finds for authenticated operations. In a shared-memory/admin skill, this materially expands credential access beyond explicit user-provided input and can silently appropriate existing credentials from other tools, enabling unauthorized account, group, or permission changes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill exposes destructive identity and permission-management operations such as deleting users, deleting groups, granting broad access, and revoking permissions, but it provides no warnings, confirmation guidance, or safety boundaries. In this context, the skill manages shared-memory access control, so accidental or socially engineered use could lock users out, overexpose private namespaces, or alter collaboration state in ways that are hard to detect or reverse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script reads credentials from local files and immediately performs authenticated network requests without any explicit disclosure, consent, or warning to the user. This creates a stealthy data-flow from local secrets to a remote service, which is especially risky because the skill manages shared memory, users, groups, and permissions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Destructive and sensitive operations such as delete-user, delete-group, grant, and revoke execute immediately with no confirmation prompt, dry-run mode, or safety guardrails. In this skill's context, those actions can alter access control for shared memory across users or groups, causing accidental privilege changes or service disruption.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.