Simplehash

Security checks across malware telemetry and agentic risk

Overview

The skill appears to describe two different products, which could make an agent use it for the wrong kind of request.

Review before installing. The publisher should align the name, description, and SKILL.md body so the skill is clearly only invoked for SimpleHash/NFT intelligence, or only for the CRM domain if that is the real purpose. Do not use it for sensitive CRM/business records until the scope is corrected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The manifest description says this skill manages CRM-style entities like Deals, Persons, and Organizations, but the body documents a SimpleHash NFT intelligence integration. This mismatch can cause the agent to invoke the wrong skill for unrelated business-data tasks, leading to unintended external API access, incorrect actions, or disclosure of user data to the wrong service.

Intent-Code Divergence

High
Confidence: 98%
Finding
The skill is labeled as a SimpleHash integration, but its description text describes a different product domain entirely. Contradictory identity metadata is dangerous because orchestration systems often rely on manifest fields for tool selection, so a user asking about CRM records could accidentally trigger an NFT-related integration or vice versa.

VirusTotal

64/64 vendors flagged this skill as clean.
