Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Graphiti
Security checks across malware telemetry and agentic risk
Overview
This skill transparently lets an agent search and add memories in a Graphiti knowledge graph, with no hidden or malicious behavior found.
Install this only if you want the agent to query and add persistent entries to your Graphiti knowledge graph. Verify the Graphiti endpoint before use, prefer Clawdbot config because the documented GRAPHITI_URL fallback is not actually honored by the helper script, and avoid storing secrets or untrusted content as memories.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)
Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 95% confidence
- Finding
- This is a mismatch because the declared description promises knowledge graph operations such as searching facts, adding episodes, and extracting entities/relationships, but the provided code does none of those things. Instead, it acts as an environment discovery and service-availability check utility. While a health check could be a supporting utility, it is the entirety of the code shown, so the actual implemented behavior materially differs from the declared primary purpose.
External Transmission
Medium
- Category
- Data Exfiltration
- Content
```bash bash command:" GRAPHITI_URL=\$({baseDir}/references/env-check.sh) curl -s -X POST \"\$GRAPHITI_URL/facts/search\" \ -H 'Content-Type: application/json' \ -d '{\"query\": \"YOUR_QUERY\", \"max_facts\": 10}' | jq . "- Confidence
- 60% confidence
- Finding
- curl -s -X POST \"\$GRAPHITI_URL/facts/search\" \ -H 'Content-Type: application/json' \ -d
External Transmission
Medium
- Category
- Data Exfiltration
- Content
```bash bash command:" GRAPHITI_URL=\$({baseDir}/references/env-check.sh) curl -s -X POST \"\$GRAPHITI_URL/messages\" \ -H 'Content-Type: application/json' \ -d '{\"name\": \"EPISODE_NAME\", \"content\": \"EPISODE_CONTENT\"}' | jq . "- Confidence
- 60% confidence
- Finding
- curl -s -X POST \"\$GRAPHITI_URL/messages\" \ -H 'Content-Type: application/json' \ -d
External Transmission
Medium
- Category
- Data Exfiltration
- Content
```bash bash command:" GRAPHITI_URL=\$({baseDir}/references/env-check.sh) curl -s -X POST \"\$GRAPHITI_URL/facts/search\" \ -H 'Content-Type: application/json' \ -d '{\"query\": \"Tell me about Essam Masoudy\", \"max_facts\": 5}' "- Confidence
- 60% confidence
- Finding
- curl -s -X POST \"\$GRAPHITI_URL/facts/search\" \ -H 'Content-Type: application/json' \ -d '{\"query\": \"Tell me about Essam Masoudy\", \"max_facts\": 5}' " ``` Add a memory: ```bash bash comman
VirusTotal
66/66 vendors flagged this skill as clean.