petkit-monitor

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it claims, but it ships with a populated plaintext Petkit credential file (config.json) and, when run, writes the account username and password back to that file with no protection.

Review this before installing. Do not use the bundled config.json credentials; remove them, and if they belong to you, rotate the Petkit password. Prefer a version that prompts for credentials at runtime or stores secrets in an OS keychain, pins its petkitaio dependency, and clearly documents where account data is stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
72% confidence
Finding
The skill appears to have file-write capability for saving configuration, but this capability is not declared. Undeclared persistence of local data is a security concern because it expands the skill's effective privilege surface and can surprise users or host systems that rely on declared permissions for trust decisions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill is presented as a device-monitoring tool, but it also stores and reads account credentials from a local config.json file. That behavior is security-sensitive and materially different from simple monitoring because local credential storage can expose passwords to other local processes, backups, logs, or accidental disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script saves the PetKit username and password in plaintext to a local config.json file, creating a credential exposure risk if the file is read by other local users, included in backups, or accidentally committed to source control. In the context of a monitoring skill that handles an account for internet-connected pet devices, this is a real weakness because compromise could expose device data and potentially enable unauthorized access to the associated account.
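The Overview recommends prompting for credentials at runtime or using an OS keychain instead of the plaintext config.json that this finding and Tp4 describe. The following is an added example, not code from petkit-monitor or petkitaio, showing both halves of that advice: an audit function that flags populated secret-looking fields in a config.json, and a loader that refuses such a file, checks its permission bits, and resolves the password from an environment variable, then an OS keychain (via the optional keyring package), then a runtime prompt. The field names in SECRET_KEYS, the PETKIT_ environment variable prefix, the keyring service name and the sample configs are this example's own assumptions.

```python
"""Added example: audit a skill's config.json for plaintext secrets and load
Petkit credentials without ever writing the password to disk.
Not code from petkit-monitor or petkitaio; key names and the fallback order
(env var, then OS keychain via the optional keyring package, then a runtime
prompt) are this example's assumptions."""
from __future__ import annotations

import getpass
import json
import os
import stat
import tempfile
from pathlib import Path

# Field names whose populated values count as a plaintext secret (assumption).
SECRET_KEYS = {"password", "passwd", "pwd", "secret", "token", "api_key", "apikey"}

# Constructed sample configs, not files shipped with the skill.
LEAKED_CONFIG = json.dumps({"username": "owner@example.com",
                            "password": "hunter2",
                            "device": {"id": "feeder-1", "token": ""}})
SAFE_CONFIG = json.dumps({"username": "owner@example.com",
                          "device": {"id": "feeder-1"}})


def find_plaintext_credentials(config_text: str) -> list[str]:
    """Return dotted paths of populated secret-looking fields in a JSON document.
    Empty strings are ignored: the risk is a *populated* credential file."""
    hits: list[str] = []

    def walk(node, path: str) -> None:
        if isinstance(node, dict):
            for key, value in node.items():
                child = f"{path}.{key}" if path else key
                if key.lower() in SECRET_KEYS and isinstance(value, str) and value.strip():
                    hits.append(child)
                walk(value, child)
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")

    walk(json.loads(config_text), "")
    return hits


def readable_by_others(path: str | os.PathLike) -> bool:
    """True if group or other have read permission (POSIX mode bits)."""
    mode = Path(path).stat().st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def write_temp_config(text: str, mode: int = 0o600) -> str:
    """Write a config file with explicit permissions (0600 by default); return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path


def load_credentials(config_path, env=None, env_prefix="PETKIT",
                     keyring_service="petkit-monitor", prompt=getpass.getpass):
    """Return (username, password). config.json may hold the username and device
    settings, never the password; a populated secret field aborts the load."""
    env = os.environ if env is None else env
    path = Path(config_path)
    cfg = json.loads(path.read_text()) if path.exists() else {}
    leaked = find_plaintext_credentials(json.dumps(cfg))
    if leaked:
        raise ValueError(f"refusing to use plaintext secrets in {path}: {leaked}")
    if path.exists() and readable_by_others(path):
        raise ValueError(f"{path} is readable by other local users; chmod 600 it")

    username = env.get(f"{env_prefix}_USERNAME") or cfg.get("username")
    if not username:
        raise ValueError("no username in environment or config")

    password = env.get(f"{env_prefix}_PASSWORD")
    if not password:
        try:  # OS keychain via the optional keyring package (assumption);
            import keyring  # a missing package or backend falls through to the prompt
            password = keyring.get_password(keyring_service, username)
        except Exception:
            password = None
    if not password:
        password = prompt(f"Petkit password for {username}: ")
    return username, password
```

Running find_plaintext_credentials over the skill's bundled config.json is the quickest way to confirm the Overview's warning before installing; the loader's permission check catches the other half of the finding, a config file other local users or backups can read.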

VirusTotal

66/66 vendors reported this skill as clean (no detections). A clean VirusTotal result covers known-malware signatures only; it says nothing about the plaintext credential storage described in the findings above.

View on VirusTotal