Quick Test

Security checks across malware telemetry and agentic risk

Overview

This appears to be a debugging helper, but it gives overly broad command-running guidance and may expose local environment details.

Review before installing. Use only in a non-sensitive workspace, avoid environment-dump commands, and do not let untrusted prompts or users choose commands for it. The concern is broad local command authority and possible accidental disclosure, not proven malicious behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_command(cmd, description=""):
    """Run a command and return result."""
    try:
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=30)
        return {
            'command': ' '.join(cmd),
            'description': description,
Confidence
98% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=30)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises shell-command capability but does not declare corresponding permissions or constraints. This creates a transparency and policy gap: users or the platform may invoke a skill that can execute commands without clear consent boundaries, increasing the risk of unintended system access or abuse.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill captures and displays environment variable data during a 'quick test', which exceeds the minimally necessary scope for verifying command execution. Environment variables frequently contain secrets such as API keys, tokens, service endpoints, and usernames, so exposing even a subset can leak sensitive operational data to logs or users.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The script performs a filesystem write to /tmp as part of a simple verification routine, adding a modification capability that is not clearly necessary for the stated purpose. Unnecessary writes can create artifacts, interfere with other processes, and normalize broader write behavior in a skill that users may expect to be read-only or minimally invasive.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The description is broad enough to match many generic debugging or system-status requests, which can cause the skill to trigger in contexts where command execution was not specifically intended. Overbroad invocation increases the chance that a powerful skill is selected for unrelated tasks and exposes system information or runs commands unnecessarily.

Missing User Warnings

High
Confidence
98% confidence
Finding
The documentation explicitly supports execution of arbitrary custom system commands such as `--command "pwd"` and `--command "ls -la"` without any safety warning, validation rules, or restrictions. A user or downstream agent could supply dangerous commands, leading to command injection, data exposure, destructive actions, or execution of untrusted binaries available in PATH.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The examples expose environment and filesystem details such as username, OS, and working directory without any privacy warning. In real deployments, these details can help attackers profile the host, locate sensitive directories, or tailor follow-on attacks.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script reads and displays environment data without clearly warning the user, which creates a transparency and consent issue in addition to the confidentiality risk. In a diagnostic tool, surprise disclosure of environment values is especially risky because users may not realize secrets or internal configuration will be surfaced in output logs.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The script creates a file in /tmp without explicitly warning the user, which is an unexpected side effect for a quick system-status check. Even though the impact is limited, undisclosed write behavior reduces trust and can be problematic in constrained or audited environments.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
- ✅ **Python Availability Check** / **Verificação de Disponibilidade do Python** - Confirms Python 3.x installed
- ✅ **System Command Execution** / **Execução de Comando do Sistema** - Runs and validates system commands
- ✅ **File System Access** / **Acesso ao Sistema de Arquivos** - Verifies directory access and permissions
- ✅ **Custom Command Support** / **Suporte a Comandos Customizados** - Run any command with validation
- ✅ **Working Directory Check** / **Verificação de Diretório de Trabalho** - Confirms current location
- 📝 **Detailed Logging** / **Log Detalhado** - Comprehensive output for debugging
Confidence
92% confidence
Finding
Run any command

VirusTotal

66/66 vendors flagged this skill as clean.
