Aliyun Modelstudio Crawl And Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed repository maintenance skill that crawls a public Alibaba Cloud models page and generates local summary/coverage files, with no credential use or hidden persistence found.

Install this only if you intend to refresh Alibaba Cloud Model Studio model data in a repository. Run it from a clean, version-controlled worktree, review all generated output before keeping or committing it, and consider pinning or separately reviewing the `@just-every/crawl` npm package before executing the crawl.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 70%
Finding: Without declared permissions the skill's intent is opaque and cannot be validated.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 96%
Finding: The description claims this is used for refreshing the models crawl and regenerating derived summaries and skills, but the code only handles part of that workflow. One script builds summary artifacts from an already-existing alicloud-model-studio-models.md file, and the other produces a markdown skill coverage scan from the generated JSON. There is no code to run a crawl, fetch remote content, or modify/regenerate any files under skills/ai. The summaries portion matches partially, but the primary claimed behavior includes crawl refresh and skill regeneration, which are materially absent.

Natural-Language Policy Violations

Severity: Low
Confidence: 84%
Finding: This Python file contains natural-language output strings such as "技能覆盖扫描", "覆盖建议", and "未分类模型" that force Chinese for generated user-facing content. The policy allows locale constraints when they are justified or optional, but this script does not provide user opt-in or explain that the output is intentionally region-specific.

VirusTotal

65/65 vendors flagged this skill as clean.
