gettangemperors

Security checks across malware telemetry and agentic risk

Overview

This is a narrow, documented localhost API client for Tang emperor data, with no hidden persistence or destructive behavior found.

Install only if you expect to query a local service on 127.0.0.1:8080. Running the script will print whatever JSON that local backend returns, so make sure that service is trusted and that python3 plus the requests dependency are available.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill performs network access to a local HTTP service but does not declare any corresponding permission or clearly scope that capability. Undeclared network behavior reduces transparency and reviewability, and local-loopback access can still be sensitive because it may reach privileged developer services, internal admin panels, or agent-side backends that are not meant to be queried implicitly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal