my-test-skill-4-xn

Security checks across malware telemetry and agentic risk

Overview

This is a narrow calculator MCP skill, but it sends its bearer token over plain HTTP to a disclosed private endpoint (192.168.71.7:8000), so it should only be used on a trusted, protected network.

Install only if you trust the MCP server at 192.168.71.7:8000 and the network path to it. Use a token scoped only to this calculator service, avoid untrusted networks, and prefer HTTPS or another protected transport before using real credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill presents itself as a simple calculator service, but the required secret is named `XINIUDATA_MCP_TOKEN`, which suggests a different backend or reused credential context. This mismatch can mislead operators into supplying an unrelated sensitive token to an internal HTTP endpoint, increasing the risk of credential misuse or accidental exfiltration.

External Transmission

Medium
Category: Data Exfiltration
Content
```bash
# 1. Initialize the session and capture the session ID
SESSION_ID=$(curl -s -D - -X POST http://192.168.71.7:8000/mcp \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -H "Authorization: Bearer $XINIUDATA_MCP_TOKEN" \
```
Confidence: 96%
Finding
curl -s -D - -X POST http://192.168.71.7:8000/mcp \ -H "Content-Type: application/json" \ -H "Accept: application/json, text/event-stream" \ -H "Authorization: Bearer $XINIUDATA_MCP_TOKEN" \ -

External Transmission

Medium
Category: Data Exfiltration
Content
```bash
}' | grep -i "mcp-session-id" | awk '{print $2}' | tr -d '\r')

# 2. Send the initialized notification
curl -s -X POST http://192.168.71.7:8000/mcp \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -H "Authorization: Bearer $XINIUDATA_MCP_TOKEN" \
```
Confidence: 96%
Finding
curl -s -X POST http://192.168.71.7:8000/mcp \ -H "Content-Type: application/json" \ -H "Accept: application/json, text/event-stream" \ -H "Authorization: Bearer $XINIUDATA_MCP_TOKEN" \ -H "mc

VirusTotal

66/66 vendors flagged this skill as clean.
