Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Action Gate Bridge
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed safety bridge that routes risky external actions through approval checks rather than silently performing them.
Install this only if you intend to use a local or configured action-gate sidecar for risky external actions. Review the endpoint environment variables before use, and treat routed HTTP write requests as potentially high impact because the downstream sidecar or proxy may be able to execute them after approval.
SkillSpector
By NVIDIA
Vulnerability Patterns
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)
VirusTotal
66/66 vendors flagged this skill as clean.