Back to skill

Security audit

Qveris

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real QVeris client, but it can automatically route broad prompts into remote tool discovery and execution without enough user-facing boundaries.

Install only if you are comfortable with the agent using QVeris as a broad remote tool gateway. Use a dedicated QVerIS API key, avoid sending secrets or regulated personal/business data, and review the selected tool ID, provider, and parameters before execution; disabling auto-invoke or requiring confirmation would reduce accidental external calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises and documents use of an API key and external API/tool execution, which implies environment-variable access and network egress, yet it declares no permissions. This creates a transparency and governance gap: users and hosting platforms may not realize the skill can access secrets and send data to third-party services, increasing the chance of unsafe deployment or misuse.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly promotes dynamic discovery and execution of external tools and broad API access, but it does not warn users that using the skill will trigger outbound network requests or may invoke third-party actions based on model-selected tools. In an agent skill context, this omission is dangerous because users may not realize that prompts about stocks, trading, search, or analysis can cause autonomous interaction with external services, increasing the risk of unintended data disclosure, unexpected side effects, or execution of impactful tools.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README instructs users to search for and execute external APIs through QVeris but does not disclose that prompts, search queries, tool parameters, and possibly sensitive business data may be sent to a third-party service. In a skill designed for dynamic tool discovery and execution, this omission is security-relevant because users may unknowingly submit confidential data to an external provider.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill is marked auto_invoke and uses broad trigger patterns such as 'analysis', 'data', 'stock', 'trading', and common finance abbreviations, making accidental activation likely during ordinary conversation. Because the skill then performs dynamic external tool discovery/execution, unintended invocation can cause unexpected network calls and transmission of user-provided content to third parties.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly supports discovering and executing third-party tools but does not clearly warn that user inputs, derived parameters, and possibly contextual data may be sent to QVeris and downstream APIs. This weakens informed consent and increases privacy/compliance risk, especially given the dynamic nature of the external tools being selected at runtime.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.