PVPC España

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a bounded electricity-price helper that runs included Python scripts and queries a public Spanish PVPC API without credentials, persistence, or file/account mutation.

Reasonable to install if you want PVPC price guidance. Be aware that holiday handling may be wrong unless you manually account for Spanish national, regional, or local holidays, so do not rely on it as the sole source for tariff-period decisions on holidays.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 91% confidence
Finding: El código afirma que sábados, domingos y festivos son VALLE todo el día, pero solo implementa fines de semana. En el contexto de una skill que recomienda cuándo usar electrodomésticos para ahorrar, esto puede inducir decisiones erróneas en días festivos laborables, causando recomendaciones incorrectas y perjuicio económico al usuario.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal