Delx Wellness

Security checks across malware telemetry and agentic risk

Overview

This skill is a small site-operations guide whose analytics and credential notes fit its stated Delx Wellness SEO and monitoring purpose.

Install this only if you work on the Delx Wellness site. Before running analytics-related commands, confirm what credentials they use, prefer read-only or least-privilege access, and approve any live provider calls or writes explicitly.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 86% confidence
Finding: The skill advertises a command to collect growth metrics that is not necessary for the documented purpose of selecting and troubleshooting wellness connectors. In an agent context, this can encourage execution of telemetry or analytics code that may access local data, environment secrets, or network endpoints outside user intent, expanding the skill's effective attack surface.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal