Back to skill

Security audit

cae-skill

Security checks across malware telemetry and agentic risk

Overview

This CAE automation skill is purpose-aligned, but it can force-close local engineering applications by default without clear warning or confirmation.

Install only if you are comfortable giving the agent control over local CAE applications. Save work before using close_app, require explicit confirmation before any forced close, and treat Abaqus .py/.jnl files as executable scripts. Only save trusted executable paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises capabilities consistent with reading and writing configuration files and invoking local executables, yet it declares no permissions. That mismatch undermines consent and policy enforcement, especially because the skill can launch and close desktop applications and persist user-supplied executable paths, which are sensitive local actions.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill description states it can close apps, and the action list includes an optional force flag, but there is no clear user warning that local applications may be terminated and potentially force-closed. In a workstation automation context, that can cause loss of unsaved engineering work or interrupt active simulations, making the omission materially risky even if the feature is intended.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill can save user-provided executable paths to configuration, but the description does not warn that these paths are persisted. While lower severity than process termination, silent persistence of local paths can expose sensitive filesystem structure, create trust issues, and increase the chance that a bad path is later reused to execute an unintended binary.

Missing User Warnings

High
Confidence
93% confidence
Finding
The close_app function force-terminates configured processes by default using taskkill /F, which can immediately kill active CAE sessions and discard unsaved engineering work. In an agent context, this is dangerous because a caller can trigger destructive termination of local applications without any confirmation, grace period, or attempt at safe shutdown.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.