Back to skill

Security audit

Satellite Copilot

Security checks across malware telemetry and agentic risk

Overview

This is a coherent satellite pass alerting skill, but its optional capture scheduler should be treated as privileged local automation if enabled.

Install only if you want a local scheduled satellite-pass notifier. Verify the WhatsApp recipient and location settings before enabling cron. Do not enable capture/decode hooks or run scripts/radio_scheduler.py unless the configured commands are fully trusted, because they can run with your local user privileges and may inherit environment variables.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_pass_predictor(norad: int, lat: float, lon: float, height_m: float, min_el: float, lookahead_min: float) -> List[dict]:
    node = subprocess.check_output(["command", "-v", "node"], text=True).strip() or "node"
    script = Path(__file__).with_name("pass_predictor.mjs")
    cmd = [
        node,
Confidence
82% confidence
Finding
node = subprocess.check_output(["command", "-v", "node"], text=True).strip() or "node"

subprocess module call

Medium
Category
Dangerous Code Execution
Content
env["PASS_END"] = p["passEnd"]
                    env["PASS_MAX"] = p["passMax"]
                    try:
                        subprocess.run(cmd, shell=True, cwd=str(run_dir), env=env, timeout=timeout)
                    except Exception:
                        pass
Confidence
99% confidence
Finding
subprocess.run(cmd, shell=True, cwd=str(run_dir), env=env, timeout=timeout)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises and documents behavior that relies on file access, environment access, and shell execution, yet it declares no permissions. This creates a transparency and governance problem: users and platforms cannot accurately assess the operational and security exposure before installation, and shell/file capabilities materially increase the blast radius if the skill is misconfigured or later extended unsafely.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
This is a genuine security concern because the documented purpose understates materially sensitive behavior: executing configured shell commands, maintaining persistent state on disk, and supporting SSH-based remote execution. In the context of an orchestration skill, those capabilities can be abused for command injection, lateral movement, or covert persistence, especially if users assume the skill only predicts passes and sends alerts.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The scheduler's core purpose is pass prediction and alerting, yet it also runs arbitrary capture hooks from configuration. That materially expands the attack surface from a passive scheduler into a general-purpose job runner, which is especially risky because execution is automatic and tied to external timing events.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill sends WhatsApp alerts derived from a configured latitude/longitude and operating schedule, but the description does not clearly warn users that location-linked operational data will be transmitted to a third-party messaging service. That omission can lead to inadvertent privacy exposure, including disclosure of station location, activity timing, and radio operations metadata.

Env Variable Harvesting

High
Category
Data Exfiltration
Content
(run_dir / "pass.json").write_text(json.dumps(p, indent=2), encoding="utf-8")

                    # Run capture command in shell, with timeout
                    env = os.environ.copy()
                    env["RADIO_RUN_DIR"] = str(run_dir)
                    env["SAT_NORAD"] = str(norad)
                    env["SAT_NAME"] = name
Confidence
97% confidence
Finding
os.environ.copy()

Tool Parameter Abuse

High
Category
Tool Misuse
Content
env["PASS_END"] = p["passEnd"]
                    env["PASS_MAX"] = p["passMax"]
                    try:
                        subprocess.run(cmd, shell=True, cwd=str(run_dir), env=env, timeout=timeout)
                    except Exception:
                        pass
Confidence
99% confidence
Finding
subprocess.run(cmd, shell=True

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.