Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Clarity Variant
Security checks across malware telemetry and agentic risk
Overview
This skill is a focused Clarity Protocol lookup helper that uses an optional API key for authenticated read-only requests and shows no hidden or destructive behavior.
Install if you intend to query Clarity Protocol variant data. Only set CLARITY_API_KEY if you want authenticated higher-rate requests, use a dedicated Clarity key, and treat returned research data as external API output.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)
Env Variable Harvesting
High
- Category
- Data Exfiltration
- Content
"Accept": "application/json" } api_key = os.environ.get("CLARITY_API_KEY") if api_key: headers["X-API-Key"] = api_key- Confidence
- 70% confidence
- Finding
- os.environ.get("CLARITY_API_KEY
VirusTotal
65/65 vendors flagged this skill as clean.