DeepWiki MCP Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward DeepWiki helper that sends GitHub repository questions to an external MCP service, with no evidence of hidden or harmful behavior.

Install this only if you are comfortable using uxc, creating the deepwiki-mcp-cli link, and sending repository names plus your questions to DeepWiki. Do not include secrets, access tokens, proprietary private-code details, or sensitive internal context unless sharing that information with DeepWiki is authorized.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs users to send repository names and free-form questions to `mcp.deepwiki.com` but does not clearly warn that these inputs leave the local environment and are transmitted to a third-party service. This can lead users to disclose sensitive repository identifiers, internal project names, code-related questions, or other confidential context under the assumption the skill is purely local documentation tooling.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal