
Security audit

FBoxMCP

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed FBox industrial IoT management skill, but it should only be installed by authorized operators because it can view sensitive device data and perform confirmed operational actions.

Install only if you are authorized to manage the FBox devices on this account. Use least-privilege API keys, keep FBOXMCP_API_KEY out of code and shared shells, rotate it regularly, and verify the endpoint and publisher. Treat device configuration, network details, location, alarms, historical readings, PLC writes, alarm confirmations, and VNC screens as sensitive operational data/actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The installation guide instructs users to place a long-lived API key in an environment variable and use it in authorization headers, but it gives no warning about secure storage, shell history leakage, process inspection, rotation, or least-privilege handling. Because this skill manages industrial IoT devices and remote monitoring capabilities, compromise of the key could enable unauthorized access to operational technology data or actions.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The README advertises state-changing capabilities such as PLC point writes, alarm acknowledgement, and remote VNC access without any warning about operational or safety consequences. In an industrial IoT context, these actions can affect live equipment, mask active faults, or enable unsafe remote intervention, increasing the chance of accidental misuse by users or downstream agents.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The usage examples include operational requests like confirming alarms and opening remote monitoring screens with no caution that these may change device or operator state. In industrial environments, normalization of such commands without warnings can lead an agent or user to trigger sensitive actions casually, including acknowledging alarms that should remain visible until reviewed.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The trigger description includes broad, ambiguous keywords such as device status, sensor data, alarms, remote monitoring, and VNC/operations terms, which can cause the skill to activate in contexts the user did not intend. In an industrial IoT skill, accidental invocation is more dangerous than usual because the skill exposes operational data and can lead users into workflows that include sensitive write actions or remote access features.

VirusTotal

61/61 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.