Cli Builder

Security checks across malware telemetry and agentic risk

Overview

This is mostly a local CLI template generator, with one under-disclosed helper script that writes a small local command history but does not transmit data or perform destructive actions.

Install only if you want a local CLI template generator and are comfortable running bash scripts that call python3. Prefer scripts/cli-builder.sh for the documented generator features. Avoid passing secrets, tokens, or sensitive project names to scripts/script.sh because it can write command history under your local data directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding: The skill advertises command generation features but does not declare permissions despite exhibiting capabilities to read environment data and read/write local files. Undeclared capabilities reduce transparency and bypass informed user consent, which is dangerous in agent settings because generated or supporting scripts may access sensitive local state unexpectedly.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The skill description claims a focused CLI scaffolding purpose, but the analyzed behavior indicates broader workflow automation plus persistent logging to a local history file and creation of an application data directory. This mismatch is risky because users may authorize the skill for code generation while it silently performs additional stateful actions and records command activity, which can expose project names, commands, paths, or other sensitive operational metadata.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The script records command arguments verbatim to a persistent history file under the user's data directory without notice, consent, minimization, or redaction. Command arguments often contain secrets such as API keys, tokens, internal paths, or project names, so this creates a local sensitive-data exposure risk and can unintentionally retain confidential information.

VirusTotal

63/63 vendors flagged this skill as clean.