Back to skill

Security audit

UV Global

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Python environment helper with supply-chain risk from installation, but no evidence of deception, exfiltration, or unrelated privileged behavior.

Install only if you are comfortable with a persistent shared Python environment in ~/.uv-global and with trusting the uv installer plus the preinstalled Python packages. For lower risk, install uv yourself first, review install.sh before running it, avoid prepending ~/.uv-global/.venv/bin to PATH unless you need it, and periodically inspect or reset the environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to run shell commands, access environment state, and potentially fetch/install software over the network, yet it declares no permissions or equivalent warning metadata. This creates a transparency and consent gap: users may trigger installation and persistent environment changes without clear indication that network access and shell execution are involved.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The installer claims to provision a global uv environment for ad hoc Python scripts, but it silently preinstalls a wide range of unrelated packages including networking, scraping, media, blockchain, and LLM libraries. This expands the attack surface, increases supply-chain exposure, and violates least surprise for a narrowly described utility skill.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The script fetches and executes a remote shell script directly via curl piped to sh, which gives immediate code execution to whatever content is served from that URL or tampered with in transit or upstream. For a skill whose purpose is just setting up a reusable Python environment, this is an unnecessarily dangerous installation path.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The installation guidance does not prominently warn that it writes to ~/.uv-global and suggests prepending that environment's bin directory to PATH, which can change which python/pip/shims are executed in future commands. While not inherently malicious, this can surprise users and lead to unintended persistence or command shadowing.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The fallback installation path executes a remote installer without any explicit warning, review step, or user confirmation. Even if the upstream source is legitimate, silent execution of fetched shell code materially increases the chance of accidental compromise.

Session Persistence

Medium
Category
Rogue Agent
Content
# UV Global

Create and reuse a global `uv` environment at `~/.uv-global` so you can install Python dependencies for quick, ad hoc scripts without polluting the system interpreter.

Lightning-fast setup that keeps one shared virtual environment ready for temporary tasks.
Confidence
84% confidence
Finding
Create and reuse a global `uv` environment at `~/.uv-global` so you can install Python dependencies for quick, ad hoc scripts without polluting the system interpreter. Lightning-fast setup that keeps

External Script Fetching

Low
Category
Supply Chain
Content
set -ue

# install uv if not exists
command -v uv > /dev/null 2>&1 || brew install uv || (curl -LsSf https://astral.sh/uv/install.sh | sh)

UV_PROJECT=$HOME/.uv-global
UV_ENV_FILE=${UV_PROJECT}/.env
Confidence
96% confidence
Finding
curl -LsSf https://astral.sh/uv/install.sh | sh

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.