Senseguard

Security checks across malware telemetry and agentic risk

Overview

SenseGuard appears to be a local security scanner, not malware, but its promised semantic analysis can report safe results even when that analysis was not actually performed.

Review before relying on this skill for security decisions. It is reasonable to treat it as a local rule-based scanner, but do not trust SAFE semantic results unless you manually perform and integrate the generated Layer 2 audit. Use narrow targets, consider `--no-cache` or a controlled `--cache-file` for private skills, and remember that the clean VirusTotal result does not resolve the tool's incomplete semantic-analysis behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 83%
Finding
The skill advertises no declared permissions, yet its described usage invokes a local Python scanner and the static analyzer reports file read/write capabilities. That mismatch can cause the host or user to grant the skill broader filesystem access than expected, which increases risk because security-scanning skills often process untrusted content and may touch many files.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding
The skill description claims semantic security scanning, but the reported behavior includes returning a default safe result in some CLI paths, relying on prompt preparation rather than actual semantic analysis, and persisting cache data on disk. For a security tool, this trust mismatch is dangerous because users may rely on inaccurate SAFE outcomes, overlook persistent data storage, and make security decisions based on capabilities the skill does not actually provide.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The code advertises a 3-layer security scan, but Layer 2 semantic analysis is never actually executed; instead it always returns a default placeholder result. This creates a false sense of protection and can allow prompt injection, hidden instructions, or other semantic attacks to pass undetected while users believe the scanner performed deeper analysis.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The surrounding comments and workflow imply semantic analysis is part of the scan path, but the implementation substitutes a default result regardless of whether Layer 2 is supposedly used. This mismatch is dangerous because operators and downstream systems may rely on reports, scores, and ratings that appear comprehensive but are based on missing analysis.

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The fallback path returns an object explicitly labeled as "overall_risk": "safe" even though the accompanying fields state that semantic analysis was not performed. In a security scanner, this fail-open behavior can cause downstream components or users to treat unanalyzed or parse-failed content as trusted, suppressing review of potentially malicious skills.

VirusTotal

65/65 vendors flagged this skill as clean.
