Back to skill

Security audit

Atlas Tracker

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Atlas Tracker integration, but it needs Review because it combines credentials, direct API use, persistent local service setup, and arbitrary local-file upload without enough scoping or user-consent guidance.

Install only if you trust the Atlas Tracker/RedForester service and are comfortable giving the agent access to Atlas Tracker data and credentials. Prefer MCP tools over raw curl/API calls, keep credentials out of chat and shell history where possible, and require explicit confirmation of the exact local file path and target node before any upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The documentation explicitly instructs the agent to bypass the declared MCP-tool interface and use direct HTTP requests with handcrafted Basic authentication. This expands the skill's effective capabilities beyond its stated boundaries and creates a path for credential handling and data access that is not mediated by the approved tool layer, increasing the risk of unauthorized access or policy bypass.

Scope Creep

Medium
Confidence
89% confidence
Finding
The reference material documents undeclared REST endpoints for listing maps, searching nodes, and reading arbitrary nodes, which materially broadens what an agent may attempt beyond the manifest's allowed tool permissions. In an agent setting, this can enable capability creep and unreviewed access patterns, especially because the documented endpoints expose potentially sensitive workspace structure and content.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs the agent to upload arbitrary local files to a remote Atlas Tracker service without requiring explicit user confirmation, file sensitivity checks, or path restrictions. In an agent setting, this can lead to unintended exfiltration of local secrets, documents, or system files if the agent is prompted to attach a file opportunistically.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The file provides a ready-to-use authentication recipe that normalizes handling user credentials directly and gives no warning about credential exposure, secret storage, or access to protected data. Even though HTTPS is shown, instructing agents or users to manually hash passwords and construct Authorization headers increases the chance of unsafe credential collection, logging, reuse, or exfiltration.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.