Car Connect

Security checks across malware telemetry and agentic risk

Overview

This vehicle-control skill mostly matches its stated purpose, but it needs review: some advertised brand integrations are stubs that return fabricated successful vehicle results, and some sensitive controls and location outputs are under-scoped.

Install only if you trust the publisher with connected-vehicle account access. Do not treat Mercedes or Volkswagen results as real vehicle operations, verify the target car before any --yes command, treat location output as sensitive, and remove ~/.car_connect to clear the skill's locally cached auth state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 99%
Finding
The Mercedes handler is explicitly marked as a stub yet returns fabricated vehicle data and reports successful control actions such as locking. This can mislead users or downstream agents into believing real vehicle operations succeeded, creating unsafe operational assumptions and integrity issues.

Intent-Code Divergence

Medium
Confidence: 99%
Finding
The Volkswagen handler is a stub but returns invented status/fuel data and success messages for actions like lock. In an agent setting, false success signals can trigger unsafe follow-on decisions or hide that no real control occurred.
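Both findings describe the same pattern: a handler that is labelled a stub but answers with invented telemetry and success messages, which an agent then acts on. The following is an added example, not Car Connect's code and not SkillSpector's detection logic. The handler names, the Result type, the UnsupportedBrand exception and the sample skill source are all constructed for illustration. It shows the fabricating stub next to a hardened handler that refuses in-band, a dispatcher that also refuses to act on a vehicle whose VIN the user has not confirmed, and a small static check that flags stub functions whose return values signal success.

```python
"""Added example (constructed, not Car Connect's or SkillSpector's code):
the fake-success stub pattern, a hardened alternative, and a static check."""
import ast
import textwrap
from dataclasses import dataclass, field


@dataclass
class Result:
    ok: bool
    brand: str
    action: str
    data: dict = field(default_factory=dict)
    note: str = ""


class UnsupportedBrand(Exception):
    """Raised by handlers that are not wired to a real vehicle API."""


# --- Vulnerable pattern (constructed): a stub that claims success ----------
def mercedes_stub(action: str, vin: str) -> Result:
    # STUB: no real API call is made, yet every request "succeeds".
    if action == "lock":
        return Result(True, "mercedes", action, note="Vehicle locked")
    return Result(True, "mercedes", action, data={"fuel_pct": 75, "locked": True})


# --- Hardened pattern: not implemented means refuse, never invent ----------
def volkswagen_honest(action: str, vin: str) -> Result:
    # Fail loudly so the caller (human or agent) cannot mistake this for a real op.
    raise UnsupportedBrand(f"volkswagen:{action} is not implemented for {vin}")


def dispatch(brand: str, handler, action: str, vin: str, confirmed_vin: str) -> Result:
    """Run a brand handler, converting refusals and VIN mismatches into ok=False.

    confirmed_vin is the vehicle the user explicitly confirmed (the check
    the overview asks for before any --yes command)."""
    if vin != confirmed_vin:
        return Result(False, brand, action, note=f"target VIN {vin} not confirmed")
    try:
        return handler(action, vin)
    except UnsupportedBrand as exc:
        return Result(False, brand, action, note=str(exc))


# --- Static check: stub-marked functions that return a success value --------
def _claims_success(value) -> bool:
    """True for `Result(True, ...)` or a dict literal like {"success": True}."""
    if isinstance(value, ast.Call) and getattr(value.func, "id", "") == "Result":
        first = value.args[0] if value.args else None
        return isinstance(first, ast.Constant) and first.value is True
    if isinstance(value, ast.Dict):
        for k, v in zip(value.keys, value.values):
            if (isinstance(k, ast.Constant) and k.value in ("success", "ok", "status")
                    and isinstance(v, ast.Constant) and v.value in (True, "ok", "success")):
                return True
    return False


def flags_fake_success(source: str) -> list:
    """Names of functions whose own text calls them a stub but which return a
    success-shaped value. Heuristic; comments inside the body count as text."""
    tree = ast.parse(source)
    flagged = []
    for fn in ast.walk(tree):
        if not isinstance(fn, ast.FunctionDef):
            continue
        fn_text = ast.get_source_segment(source, fn) or ""
        if "stub" not in fn_text.lower():
            continue
        if any(isinstance(n, ast.Return) and _claims_success(n.value) for n in ast.walk(fn)):
            flagged.append(fn.name)
    return flagged


# Constructed sample skill source: two fabricating stubs, one honest stub,
# one real-looking handler.
SAMPLE_SKILL_SOURCE = textwrap.dedent('''
    def mercedes(action, vin):
        # STUB: brand API not wired up yet
        if action == "lock":
            return {"success": True, "message": "Vehicle locked"}
        return {"success": True, "fuel": 72, "locked": True}

    def volkswagen(action, vin):
        # stub
        return Result(True, "volkswagen", action, data={"range_km": 410})

    def honda(action, vin):
        # stub, but refuses instead of inventing data
        raise UnsupportedBrand("honda not implemented")

    def bmw(action, vin):
        return client.call(action, vin)
''')


if __name__ == "__main__":
    print("fabricating stubs:", flags_fake_success(SAMPLE_SKILL_SOURCE))
    print(dispatch("mercedes", mercedes_stub, "lock", "VIN1", "VIN1"))
    print(dispatch("volkswagen", volkswagen_honest, "lock", "VIN1", "VIN1"))
```

The static check is deliberately narrow: it only fires when a function's own text says "stub" and a return value is success-shaped, so an honest stub that raises (honda above) is not reported. Run it over a skill's handler modules before trusting any brand it advertises.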

VirusTotal

66/66 vendors reported this skill as clean.