CMC Kline Data Collector

Security checks across malware telemetry and agentic risk

Overview

This appears to be a crypto market-data export skill whose network access, file outputs, and optional scheduling fit its stated purpose, but users should control where it writes and whether it runs on a schedule.

Install only if you want an agent to fetch crypto market data and write reports locally. Use a dedicated workspace directory for exports, check whether files are overwritten, and do not enable cron scheduling unless you actually want recurring network calls and ongoing file generation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill documentation describes network access to CoinMarketCap and filesystem writes, but no explicit permissions are declared. That creates a transparency and consent problem: a user or host system may treat the skill as lower risk than it really is, while it can still perform external requests and persist data locally. The scheduled execution context increases risk because those capabilities can run unattended and repeatedly.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 89% confidence
Finding: The documented behavior does not match the reported implementation: outputs, history range, CSV export, and indicator calculation behavior are inconsistent. This is dangerous because users may rely on the skill for financial data processing or automation while receiving incomplete, malformed, or misleading results, and may enable scheduled jobs based on false assumptions. In security terms, behavior mismatch undermines informed consent and makes hidden or unintended side effects harder to assess.

Missing User Warnings

Low

Confidence: 83% confidence
Finding: The skill instructs users to save JSON and CSV files but does not warn about filesystem modification, overwrite behavior, or destination safety. That can lead to accidental data loss, writes into sensitive directories, or misuse in automated environments where paths are parameterized or reused. While not overtly malicious, silent file-write behavior is a real safety concern.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The documented crontab enables recurring unattended network access and file output without any warning about persistence, resource usage, failures, or ongoing data generation. Unattended scheduled execution raises the stakes because even a benign data collector can generate repeated external traffic, fill storage, overwrite artifacts, or continue running after the user forgets it was enabled.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal