Back to skill

Security audit

Test Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as a test generator, but part of it is a persistent local logging and data-management tool.

Install only if you are comfortable with a test-generator package that also includes a local persistent logging utility. Do not enter secrets, tokens, proprietary code, or sensitive test output into its add command, and review or delete the configured test-generator data directory if cleanup matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The manifest claims this is a test-generation skill, but the body describes a generic data-management and logging CLI with persistent storage, search, export, and history tracking. This mismatch is dangerous because users or orchestrators may grant trust, invoke the skill in sensitive contexts, or expose project data under the assumption it only generates tests, enabling unintended collection and disclosure of local information.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The title and documentation present a multi-purpose data-management tool rather than the declared test-generator skill. In an agent ecosystem, deceptive or inconsistent documentation increases the risk of inappropriate invocation and can hide collection, retention, and export capabilities behind a trusted developer-tool label.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documented behavior is a note-taking/data-log utility, not an automated test generator as claimed. In practice this can cause agents or users to feed it test artifacts, code snippets, or operational details that are then stored and made searchable/exportable, creating avoidable confidentiality and governance risks.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The implementation does not match the advertised skill purpose: instead of generating tests, it provides a generic local data/log management CLI with commands like add, remove, search, and export. This kind of capability mismatch is dangerous in an agent skill because it can mislead users or orchestrators into granting and invoking functionality unrelated to the declared purpose, increasing the risk of unauthorized data collection, persistence, and exfiltration via local logs.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The script presents itself as a 'test-generator' while its help text describes a 'Multi-purpose utility tool' with unrelated generic commands, creating deceptive or at least materially misleading behavior. In a skill ecosystem, this discrepancy undermines trust and can conceal undeclared capabilities from reviewers and users, making misuse of local storage and command surfaces more likely.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description and usage scope are broad and internally inconsistent, which makes it unclear when an agent should invoke it and what side effects it may have. Ambiguous scope is risky in autonomous systems because it can lead to overbroad invocation, misuse outside intended contexts, and accidental persistence of sensitive data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.