Back to skill

Security audit

HaluCatch / 捕幻

Security checks across malware telemetry and agentic risk

Overview

HaluCatch is a disclosed local skill-audit tool that reads a user-selected skill folder and writes local reports, with no evidence of network use, credential access, persistence, or destructive behavior.

Installers should understand that HaluCatch will recursively inspect the folder they ask it to audit and will create local markdown reports. Use it only on a deliberate skill directory, not a home, root, secrets, or broad project folder unless you intend those files to be scanned.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to read an entire target directory, write reports to disk, and potentially invoke a Python script, but it does not declare any permissions or capability boundaries. This creates a trust and review gap: an agent may perform filesystem reads/writes and possibly network-capable code execution without the user seeing an explicit permission model, increasing the risk of overreach or unsafe execution in permissive runtimes.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The documented trigger phrase is broad enough that a user can ask the AI to review an arbitrary path, and the text implies the AI will automatically scan that target and generate outputs. Without explicit scope limits, confirmation, or path restrictions, this can lead to unintended inspection of sensitive local directories or accidental processing of unrelated files.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The FAQ states that the AI will automatically generate three reports into a reports/ directory, but it does not clearly warn the user that local files will be created or overwritten as part of normal operation. This can cause unintended disk writes, confusion in constrained environments, or accidental disclosure if reports are written into shared or synced folders.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger guidance is broad enough that ordinary user requests like 'help me review this skill' may activate a workflow that reads many files, runs a local script, and writes reports, even when the user did not clearly intend those actions. Over-broad activation increases the chance of unintended file access and tool execution, especially in agent environments that auto-route on natural language cues.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The example invocations use colloquial, ambiguous phrasing that does not clearly separate casual discussion from permission to execute a scanning and report-generation workflow. In practice, this can cause accidental activation and unintended filesystem operations, which is risky because the skill is designed to recursively inspect directories and produce artifacts on disk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.