Back to skill

Security audit

Cn Model Gateway

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed model gateway that sends user prompts to configured AI providers and keeps minimal local usage statistics.

Install this only if you are comfortable sending prompts to the configured third-party model providers and storing API keys locally in config.json. Do not submit secrets, credentials, or sensitive business data unless your provider accounts and policies permit it, and keep config.json out of public repositories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly describes capabilities that read local configuration and usage data and make outbound network calls to multiple model providers, yet no explicit permissions are declared. This creates a transparency and governance gap: users and host agents may grant or run the skill without understanding that it accesses local files and sends prompts and API-backed data over the network.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The ask_model and compare_models tools send raw user-provided questions to external model providers through router.chat() and router.compare_models() without any visible disclosure or consent mechanism in this file. In an agent/MCP context, users may provide sensitive code, credentials, or business data, creating a real data exfiltration and privacy risk to third-party services.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The server records full tool arguments and results via self.monitor.record_call(name, args, result), which may capture sensitive prompts, model outputs, and embedded secrets without any visible minimization or disclosure. Logging conversational content in a gateway service increases the blast radius of any compromise of telemetry, debugging stores, or operator access.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.