Back to skill

Security audit

MinerDetector

Security checks across malware telemetry and agentic risk

Overview

This skill is openly a paid export tool, but it can charge a billing account with weak just-in-time consent controls and an under-disclosed billing host override.

Review before installing. Only use this if you intend to connect a SkillPay API key and pay for miner indicator exports. Before running fetch, confirm the exact charge amount and destination, avoid passing --amount unless intentional, and ensure MINERDETECTOR_BILLING_API_URL is unset or points to a billing host you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Tainted flow: 'req' from os.environ.get (line 59, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            body = resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as exc:
        body = exc.read().decode("utf-8", errors="replace")
Confidence
92% confidence
Finding
with urllib.request.urlopen(req, timeout=30) as resp:

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill metadata does not explicitly declare permissions, yet the documented behavior requires access to environment variables, network endpoints, and file output. This mismatch weakens reviewability and informed consent because an agent or user may approve the skill without understanding that it can read API keys, contact external billing services, and write exported files to disk.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The agent behavior maps very broad phrases like 'update', 'refresh', 'download', or 'get' to the paid `fetch` action, which charges 0.01 USDT. Because these are common conversational terms, a user could trigger a billable network action unintentionally, especially when asking for general help or information rather than consenting to a purchase/export operation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The fetch command performs a charge immediately based on CLI arguments and only reports failure after attempting the transaction, with no interactive confirmation or explicit user acknowledgement at execution time. In this skill's context, whose primary purpose is charging users to export bundled files, that increases the risk of unintended or opaque charges, especially when invoked by another agent or automation on a user's behalf.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.