Mcp Integration Guide

Security checks across malware telemetry and agentic risk

Overview

This is a simple markdown guide with visible external marketing and consulting links, but it contains no code, credential access, persistence, or hidden automation.

Install only if you want a lightweight MCP resource/link guide. Review the external GitHub, Gumroad, and consulting links independently before buying or relying on them, because the skill itself provides little hands-on MCP implementation guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The skill advertises itself as an MCP integration guide, but the substantive content in the flagged section is promotional material for GitHub playbooks, Gumroad products, and consulting services rather than operational guidance for MCP. In an agent skill ecosystem, this is dangerous because it can mislead users and downstream agents into surfacing affiliate/marketing content under the guise of technical guidance, enabling trust abuse, unwanted redirection, and supply-chain style social engineering.

VirusTotal

63/63 vendors flagged this skill as clean.
