Back to skill

Security audit

Convertible Bond Research

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed external MCP integration that requires a user-provided bearer token, with no evidence of hidden or destructive behavior.

Install only if you trust the Anchor Data MCP service and are comfortable with relevant prompts, tool requests, and results being handled by that service. Use a least-privilege token if available, avoid sharing configs that contain the bearer token, and rotate or revoke the token if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Transmission

Medium
Category
Data Exfiltration
Content
{
  "mcpServers": {
    "anchor-bond": {
      "url": "https://api.anchor-data.cn/api/mcp",
      "headers": {
        "Authorization": "Bearer anchor_xxxxxx"
      }
Confidence
84% confidence
Finding
https://api.anchor-data.cn/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.