Security audit

Bounty

Security checks across malware telemetry and agentic risk

Overview

The skill appears non-destructive, but its stated purpose and runtime instructions do not line up clearly enough for automatic trust.

Review this skill carefully before installing. It should be corrected so the name, metadata, triggers, and body all describe the same capability. Avoid using it for reservations, location-sensitive searches, or task-platform actions until its scope is clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

High
Confidence: 97%
Finding:
The skill metadata says this is a crowdsourcing/paid survey/task platform, but the body describes local business discovery, queue status, reservations, parking, and review content. This scope mismatch can cause the agent to invoke the skill for unrelated user intents, misleading users about what service is being used and potentially routing location-sensitive queries to an unintended integration.

Vague Triggers

Medium
Confidence: 89%
Finding:
The example triggers are generic phrases like using the skill for a 'specific scenario task' or asking about 'core features,' which are broad enough to match many ordinary requests. Over-broad invocation patterns increase the chance of accidental activation, intent hijacking, and user confusion, especially given the existing mismatch between the declared purpose and documented behavior.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.