Jrv Yaml Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local YAML/JSON utility whose file-reading and optional file-writing behavior matches its stated purpose.

Use --output only with paths you intend to create or replace, preferably a new file when transforming important configuration, and review diffs before swapping files into production. Install PyYAML from a trusted Python environment if it is not already available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 74%
Finding:
The skill exposes file-modifying behavior through set operations and --output, but does not clearly frame these as potentially destructive actions or define safe write semantics. In an agent setting, ambiguous write behavior can lead to unintended overwrites of configuration files, causing service disruption, configuration drift, or corruption of critical YAML assets.

Missing User Warnings

Severity: Low
Confidence: 67%
Finding:
Documenting file-writing behavior without any warning increases the chance that users or downstream agents will modify files without understanding the risk of overwriting important configuration. While not inherently malicious, this omission can contribute to accidental data loss or unintended configuration changes in automation contexts.

VirusTotal

65/65 vendors flagged this skill as clean.
