Security audit

skill-graph-for-analogical-reasoning

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local graphing tool for SKILL.md folders, with user-directed reads and writes and no evidence of exfiltration, deception, or destructive behavior.

Install this if you are comfortable letting it scan the local skill directories you point it at and write graph/HTML files to paths you choose. Be aware that query results may show whether required environment variables or binaries for scanned skills appear to be missing, though not the secret values themselves.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding
The skill explicitly permits code-backed execution via python3 and describes commands that read from skill folders, write graph artifacts, and invoke a shell-accessible wrapper, but it does not declare corresponding permissions. This creates a trust and containment gap: a runtime or reviewer may assume the skill is low-privilege while it can actually access environment data, read local files, and write output files during build/query/look flows.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The code probes the host environment with `os.getenv(...)`, `shutil.which(...)`, and `platform.system()` to score each discovered skill's readiness. That behavior goes beyond passive analysis of `SKILL.md` content and can disclose system configuration details into query results (`readiness_evidence`) or alter behavior based on local host state, which is unnecessary for the stated graph-building purpose.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.