Exchange Rate

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed exchange-rate lookup skill that runs a small local script and contacts a fixed public API, with minor documentation and validation gaps.

Install only if you are comfortable with the agent running the bundled shell script and making requests to the 60s exchange-rate API. Pass ordinary three-letter ISO 4217 currency codes only (the script treats at least one non-ISO value specially; see the findings below), and make sure curl and jq are installed before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill instructs the agent to execute a shell script, but the skill manifest does not declare any permissions despite requiring shell capability. This creates a trust and containment gap: an orchestrator or reviewer may treat the skill as low-privilege while it can actually invoke command execution and external network access through the script.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding
The script behavior does not match the stated skill purpose of querying an exchange rate between two currencies: a special target value of "AAA" returns the entire upstream API response instead of a single pairwise rate. This expands the tool's data exposure and functionality beyond what users and integrators would reasonably expect. In agent settings such hidden modes are risky because a policy, prompt or output-shaping control written against the documented behaviour (one base, one target, one rate) is silently bypassed when the undocumented mode is triggered.
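Both findings above come down to controls a reviewer would want in front of this skill before letting an agent call it: a manifest-versus-behaviour check for the undeclared shell and network capability, strict ISO 4217 validation that refuses the "AAA" value, and output shaping so only one pairwise rate ever reaches the agent. The following is an added example written for this page; it is not code from the skill, its author, SkillSpector or the 60s API. The manifest shape (`{"permissions": [...]}` with `shell` and `network` entries), the small currency allowlist, the regex heuristics and the upstream response layout are all assumptions made for illustration.

```python
import re

# Constructed allowlist for this example. A real deployment would load the
# full, current ISO 4217 code list; the point is that "AAA" is not on it.
ISO4217_ALLOWLIST = frozenset({"USD", "EUR", "GBP", "JPY", "CHF", "CAD", "AUD", "CNY"})

# Heuristic indicators, assumed for this example, that a skill's instructions
# or bundled script will execute shell commands or reach the network.
SHELL_INDICATORS = re.compile(r"\b(bash|sh|curl|wget|jq)\b|\.sh\b")
NETWORK_INDICATORS = re.compile(r"https?://|\bcurl\b|\bwget\b")


def validate_currency_pair(base: str, target: str) -> tuple[str, str]:
    """Accept (base, target) only if both are allowlisted ISO 4217 codes.

    Rejects anything else before it reaches the script, including the special
    "AAA" target described in the finding: it is three uppercase letters, so a
    shape-only check would let it through, but it is not a real currency code.
    """
    pair = []
    for code in (base, target):
        if not re.fullmatch(r"[A-Z]{3}", code):
            raise ValueError(f"not a three-letter uppercase code: {code!r}")
        if code not in ISO4217_ALLOWLIST:
            raise ValueError(f"not an allowed ISO 4217 code: {code!r}")
        pair.append(code)
    return (pair[0], pair[1])


def undeclared_capabilities(manifest: dict, instructions: str) -> list[str]:
    """Compare what the skill text implies with what the manifest declares.

    Hypothetical manifest shape: {"permissions": ["shell", "network", ...]}.
    Returns the capabilities the instructions need but the manifest omits,
    which is exactly the gap the least-privilege finding describes.
    """
    declared = set(manifest.get("permissions", []))
    gaps = []
    if SHELL_INDICATORS.search(instructions) and "shell" not in declared:
        gaps.append("shell")
    if NETWORK_INDICATORS.search(instructions) and "network" not in declared:
        gaps.append("network")
    return gaps


def shape_rate_output(upstream: dict, base: str, target: str) -> dict:
    """Return one pairwise rate and nothing else from the upstream payload.

    Assumed (constructed) upstream layout: {"base": "USD", "rates": {"EUR": 0.92, ...}}.
    Whatever the upstream returns, the agent only ever sees base, target and rate.
    """
    if upstream.get("base") != base:
        raise ValueError("upstream base does not match the requested base")
    rates = upstream.get("rates", {})
    if target not in rates:
        raise ValueError(f"no rate for {target!r} in upstream response")
    return {"base": base, "target": target, "rate": float(rates[target])}


if __name__ == "__main__":
    # Constructed skill text and manifest standing in for the real ones.
    skill_text = "Run ./get_rate.sh BASE TARGET; it calls curl against https://api.example/rate"
    print("undeclared:", undeclared_capabilities({"permissions": []}, skill_text))
    base, target = validate_currency_pair("USD", "EUR")
    sample_upstream = {"base": "USD", "rates": {"EUR": 0.92, "GBP": 0.79}}
    print(shape_rate_output(sample_upstream, base, target))
    try:
        validate_currency_pair("USD", "AAA")
    except ValueError as exc:
        print("rejected:", exc)
```

The validator runs before the script, so the hidden mode is never reachable from agent input, and the output shaper runs after it, so even if the script is later changed to dump the whole response, only the requested rate is returned to the model.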

VirusTotal

66 of 66 VirusTotal vendors reported this skill as clean (no detections).

View on VirusTotal