Back to skill

Security audit

Agent Health

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed endpoint health-checking tool, with a caution that its optional CI verifier can execute local Python test files if a user runs it.

Install only if you are comfortable with a local Python tool reading endpoint lists and making outbound checks to those endpoints. Do not run the included CI verifier against untrusted repositories or submitted folders unless it is sandboxed without secrets or sensitive filesystem access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def has_self_test(fp):
    r = subprocess.run([sys.executable, fp, "self-test"], capture_output=True, text=True, timeout=30)
    return r.returncode == 0 and "PASS" in r.stdout
Confidence
97% confidence
Finding
r = subprocess.run([sys.executable, fp, "self-test"], capture_output=True, text=True, timeout=30)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
tests = [os.path.join(folder, f) for f in os.listdir(folder)
                 if (f.startswith("test_") or f.endswith("_test.py")) and f.endswith(".py")]
        if tests:
            st_ok = all(subprocess.run([sys.executable, t], capture_output=True, text=True,
                                      timeout=30).returncode == 0 for t in tests)
            st_note = f"{len(tests)} test_*.py"
        elif re.search(r"(?im)^test\s*:", skill_txt):
Confidence
98% confidence
Finding
st_ok = all(subprocess.run([sys.executable, t], capture_output=True, text=True, timeout=30).returncode == 0 for t in tests)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation instructs users to download and run a Python script from the network and explicitly describes capabilities that require file access, network probing, and shell execution, yet no permissions are declared. This creates a trust and review gap: an agent or operator may approve the skill without understanding the actual execution scope, increasing the chance of unintended network access or local command execution.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.