废弃mcp

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for reviewing deprecated project content, with no executable code or hidden data access.

This appears safe to install as a deprecation-review assistant. Define the deprecated scope clearly and review proposed deletions or replacements before allowing edits, especially because the skill may activate for broad cleanup or legacy-content requests.

Publisher note

测试验证，已废弃

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger description is broad enough to match common maintenance requests involving old content, cleanup, or legacy code, which can cause this skill to activate in situations beyond narrowly scoped deprecation analysis. That increases the chance of unintended routing and inappropriate guidance, especially if the user did not ask specifically for deprecation handling.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: Mandating Chinese responses without user opt-in can override user preference and system-level interaction expectations, creating a prompt-scope violation. While not directly enabling code execution or data exfiltration, it can degrade reliability, confuse users, and interfere with safe handling if warnings or clarifications are delivered in an unexpected language.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal