Wikipedia

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Wikipedia lookup MCP server with disclosed outbound Wikipedia requests and no evidence of credential access, persistence, or hidden behavior.

Before installing, confirm you are comfortable with a local MCP server that sends your search titles and queries to Wikipedia and requires installing the Python requests package. No API key or sensitive credential access is shown in the artifacts.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill clearly performs outbound network access to Wikipedia APIs, but the manifest does not declare any corresponding permission. Undeclared network capability weakens user consent and platform policy enforcement because the skill can access external resources without an explicit permission boundary, even if the destination appears legitimate.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal