File Uploader

Security checks across malware telemetry and agentic risk

Overview

This skill appears to upload local files to a remote service and return shareable links, but its scope and public-sharing implications are not disclosed clearly enough.

Install only if you trust the upload service and are comfortable with selected local files being sent to a remote server and potentially exposed through a public link. Use it only for files you intentionally want to share, avoid sensitive documents unless the service provides access controls, and verify the configured host and bearer token before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation describes reading local files and uploading them over the network, but it does not declare corresponding permissions. That mismatch reduces transparency and weakens security review because a caller may not realize the skill can access local data and exfiltrate it to an external service.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The script automatically reads a bridge host and bearer token from a privileged local config file and uses them to perform authenticated network operations. That gives the skill access to ambient credentials the user did not explicitly provide at runtime, increasing the risk of unintended data transfer or abuse if the script is invoked on untrusted input or in a broader agent workflow.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger guidance is overly broad: 'When the user wants to obtain the file' can match many benign file-access requests that do not imply consent to publish the file externally. In this skill's context, broad invocation is more dangerous because the action uploads a local file and returns a public URL, creating risk of unintended data disclosure.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill repeatedly emphasizes generating a download URL but does not clearly warn that uploaded files become publicly accessible. This is dangerous because users or calling agents may upload sensitive local files under the mistaken assumption that the link is private or limited-access, leading to direct confidentiality loss.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script transmits arbitrary local file contents and optional session metadata to a remote server using an automatically loaded bearer token, but provides no explicit warning or consent boundary beyond the command invocation itself. In an agent-skill context, this is more dangerous because a caller may treat the tool as a simple file helper while it actually performs authenticated exfiltration of local data to an external service.

VirusTotal

64/64 vendors flagged this skill as clean.
