Back to skill

Security audit

Web Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: monitor user-chosen web pages and store local snapshots and diffs.

Install only if you are comfortable with the agent fetching URLs you provide and storing page text and diffs locally. Prefer setting WEB_MONITOR_DIR to a workspace-specific folder, avoid sensitive or authenticated pages unless local retention is intended, and remember that removing a watch may not delete old snapshot or diff files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation describes capabilities that read environment variables, write local files, read stored snapshots, and fetch arbitrary network URLs, but it does not declare permissions. This creates a transparency and policy-enforcement gap: users or orchestration layers may not realize the skill can access local storage and external sites, making misuse or over-privileged execution harder to detect.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger language is broad enough to match many generic requests about checking or watching websites, which can cause the skill to activate in contexts the user did not intend. In an agentic environment, over-broad routing increases the chance of unnecessary network fetching and local content storage for arbitrary URLs.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill says it tracks pages and stores snapshots, but it does not clearly foreground that fetched website content is persisted locally. This can lead users to expose sensitive or copyrighted page contents to local retention without informed consent, especially when monitoring authenticated, internal, or personal pages.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.