Security audit

Chmod Tool

Security checks across malware telemetry and agentic risk

Overview

This is a small local chmod helper that does what its name implies, but changing file permissions can weaken access controls if used carelessly.

Install only if you want an agent-accessible chmod helper. Use explicit paths, avoid changing permissions on sensitive system, credential, or account files, and note that this version appears to support only octal modes for one file despite documenting symbolic and recursive examples.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill clearly implies shell-backed execution of chmod operations, but the metadata shown does not declare any permissions. Undeclared shell capability is risky because it can modify filesystem permissions on arbitrary paths, potentially making sensitive files writable or executable and bypassing expected trust and review boundaries.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.