Ops Dashboard

Security checks across malware telemetry and agentic risk

Overview

This skill is a local operations dashboard that reads workspace and git metadata for reporting, with no evidence of network sharing, persistence, credential access, or destructive behavior.

Install only if you are comfortable with the agent seeing workspace health details, including git status, recent commit summaries, changed file paths, directory names and sizes, disk usage, and system load. Avoid running it against repositories where that metadata should not appear in an agent conversation.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill documentation describes a CLI that reads workspace state and invokes system/git-style operational checks, which implies file-read and shell-capable behavior, yet the skill declares no permissions. This creates a transparency and consent problem: users or policy systems may treat the skill as low-privilege while it can inspect repository contents and execute local commands against arbitrary workspace paths.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal