TOTP

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed TOTP setup and verification helper, with sensitive secret and QR handling that is expected for its purpose.

Install only in a trusted workspace, keep setup output private, send the QR through a secure channel, delete qr.png immediately after enrollment, protect TOTP_SECRET, and still confirm destructive actions separately after a valid OTP.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 70%
Finding: Without declared permissions the skill's intent is opaque and cannot be validated.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding: This is a mismatch because the declared purpose is limited to OTP verification for sensitive operations, while the actual code includes enrollment/provisioning functionality: generating a secret, building an otpauth URI, and saving a QR code for authenticator setup. The verification behavior does match the description, including the stated window of 2, but the extra secret-generation and QR provisioning capabilities are not mentioned in the description and therefore count as undeclared behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
