Back to skill

Security audit

Octolens

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Octolens API helper, but users should handle their Octolens API key carefully.

Install only if you intend to let the agent query your Octolens account. Prefer a least-privileged Octolens API key, avoid pasting real keys into shell commands when a safer secret mechanism is available, and treat exported mention data as potentially business-sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill manifest declares only the Read tool, yet the documentation clearly requires outbound network access to call the Octolens API and execute fetch-based workflows. This mismatch can cause agents or reviewers to underestimate the skill's true capabilities and may lead to unsafe execution paths or policy bypass if the runtime permits networked code despite the manifest.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The documentation instructs agents to run bundled Node.js scripts even though the manifest only allows the Read tool. That inconsistency encourages agents to exceed declared boundaries, undermines tool isolation assumptions, and can result in execution of local code with network access and user-supplied secrets.

Context-Inappropriate Capability

Low
Confidence
84% confidence
Finding
The skill tells the agent to ask for the user's API key and store it for subsequent requests, which introduces credential handling and retention behavior. Even if intended for convenience, encouraging persistence of secrets increases the chance of accidental disclosure through logs, memory reuse, or later prompt/context exposure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The examples pass the API key directly on the command line, which can expose credentials through shell history, process listings, audit logs, and telemetry. Because the skill explicitly solicits sensitive tokens, omitting a warning or safer pattern materially increases the risk of credential leakage.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README repeatedly instructs users to pass the Octolens API key as a positional command-line argument, which can expose the secret through shell history, process listings, CI logs, and shared terminal recordings. In this skill context, the scripts are intended for operational API access, so encouraging unsafe secret handling increases the chance of credential leakage and unauthorized use of the Octolens account.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script requires the API key as a positional command-line argument, which can expose the credential through shell history, process listings, audit logs, and CI job output. Because this skill is specifically designed to access a third-party API, leaking the bearer token could allow unauthorized access to the user's Octolens data and API quota.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script requires the API key as a positional command-line argument, which can expose the credential through shell history, process listings, CI logs, and telemetry on shared systems. While this is a common convenience pattern in small scripts, it creates a real secret-handling weakness because the key is sent in cleartext via argv with no warning or safer alternative.

Ssd 3

Medium
Confidence
91% confidence
Finding
The instruction to retain and reuse the user's API key across subsequent requests creates unnecessary credential persistence. The longer a secret is kept in agent context or intermediate state, the greater the chance it is exposed to unrelated tasks, debugging output, or accidental replay.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.