PluginEval Core

Security checks across malware telemetry and agentic risk

Overview

This skill is a local skill-quality evaluator whose default behavior is read-only, but it includes an optional write mode that users should invoke carefully.

Use it normally for read-only checks with --layer1 or --anti-patterns. Before using --auto-fix --allow-write, run the preview first and apply it only on a version-controlled or disposable copy, because it can modify SKILL.md and remove empty reference files in the target skill directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill advertises no declared permissions, yet its documented usage and the associated analysis indicate read/write capabilities. Undeclared write access is dangerous because users and orchestrators cannot accurately assess what the skill may modify, which breaks least-privilege expectations and can lead to unintended file changes in skill directories.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose presents the skill as a self-contained evaluation engine, but the observed behavior includes auto-fixing SKILL.md, creating backups, deleting empty files, and a write-capable mode. This mismatch is dangerous because users may invoke what appears to be a passive analyzer while actually granting a mutating tool the opportunity to alter or delete repository contents.

VirusTotal

57/57 vendors flagged this skill as clean.