Deep Research Agent

Security checks across malware telemetry and agentic risk

Overview

This is a broad research prompt/template skill, and its files do not show hidden credential access, persistence, data theft, or destructive behavior.

Install this if you want a broad deep-research workflow that may use web/source extraction heavily. Be aware it may trigger on generic research wording, and review the language/report templates if you need a narrower or non-Japanese/English workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Tp4

High
Category
MCP Tool Poisoning
Confidence
99% confidence
Finding
This is a clear mismatch because the declared purpose claims end-user research and analysis functionality, but the actual code only provides developer tooling for packaging and validating a skill. There is no research, source gathering, market analysis, academic survey, or report-generation behavior present. The primary purpose of the code is materially different from the description.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The manifest description says the skill should be used for "any topic requiring 100+ source verification" and lists generic triggers like "research", "deep dive", and "thorough analysis". These phrases are broad enough to match many normal user requests, and the file does not provide exclusion conditions or clearer scope boundaries to prevent unintended invocation.

Natural-Language Policy Violations

Low
Confidence
77% confidence
Finding
This markdown file includes a structured language field limited to specific locale buckets and the surrounding template heavily assumes Japanese/English research output. Because the file does not state that language selection is optional or user-driven, it can be read as enforcing a language/locale policy without opt-in.

VirusTotal

64/64 vendors flagged this skill as clean.
