Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Model Resource Profiler
Security checks across malware telemetry and agentic risk
Overview
This skill is a local profiler-report helper that reads user-selected JSON/JSON.GZ artifacts and writes reports, with no evidence of hidden access or unsafe behavior.
Install if you are comfortable running the included Python analyzer on profiler artifacts you choose. Use trusted JSON or JSON.GZ exports, avoid pointing it at unrelated private files, and choose report output paths you recognize.
SkillSpector
By NVIDIA
Vulnerability Patterns
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)
VirusTotal
66/66 vendors flagged this skill as clean.