Security audit

testcase-generator

Security checks across malware telemetry and agentic risk

Overview

This skill openly reads selected MySQL and Redis data to help generate API test cases, but it should only be used with safe test data or read-only sanitized sources.

Install only if you are comfortable letting the agent read the selected service config, database tables, and Redis keys. Prefer staging systems, read-only credentials, narrow table/key patterns, low limits, and sanitized data. Review generated JSON and any SQL setup/teardown before sharing it or running tests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding: The script reads arbitrary application YAML files to obtain live MySQL and Redis credentials, then connects to those services. This enables secret extraction and direct access to production-like data stores if an attacker or careless user supplies sensitive config paths, greatly increasing the chance of credential misuse and data exposure.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding: The CLI exposes broad data-extraction capability unrelated to narrowly generating test cases for a specific API endpoint. It allows arbitrary MySQL table names and Redis key patterns to be read and then dumped to stdout or a JSON file, which can enable mass access and exfiltration of sensitive production data if the skill is invoked in a privileged environment.

Missing User Warnings

Severity: High
Confidence: 96%
Finding: The skill instructs use of real MySQL and Redis data for LLM-based test generation without an explicit warning that sensitive records may be transmitted to the model. This creates a substantial risk of confidential business data, personal data, secrets, or cached tokens being exposed outside their intended storage boundary.

Missing User Warnings

Severity: Medium
Confidence: 79%
Finding: The script is designed to read live MySQL and Redis data and can output that data directly to stdout or a JSON file, yet it provides no user-facing warning, masking, consent gate, or safeguard around handling sensitive information. In the context of an agent skill, this increases the chance of silent disclosure of credentials-adjacent configuration and application data to logs, artifacts, or downstream consumers.

Ssd 3

Severity: Medium
Confidence: 97%
Finding: The prompt explicitly asks the LLM to ingest source code, schema details, and MySQL/Redis contents to generate outputs. That creates a direct natural-language exfiltration channel where sensitive internal data can be echoed, summarized, or embedded in generated test cases and related artifacts.

Ssd 3

Severity: Medium
Confidence: 94%
Finding: The skill's core design encourages reading real MySQL and Redis data as input to test generation, which normalizes disclosure of operational data to the model. In this context, the skill is more dangerous because its primary workflow depends on live data rather than synthetic fixtures or sanitized snapshots.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: scripts/data_reader.py:150

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: SKILL.md:201