Security audit

Fold

Security checks across malware telemetry and agentic risk

Overview

This is a coherent FastFold API helper with expected risks around API keys, external sequence uploads, and optional public job sharing.

Install only if you are comfortable sending protein sequences, ligands, job parameters, and result requests to FastFold. Keep FASTFOLD_API_KEY in an uncommitted local .env file, do not paste it into chat, avoid custom --base-url values unless you trust the endpoint, and use --public or isPublic=true only when you intend results to be publicly accessible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill instructs the agent to use environment variables, read and create files such as .env, and make authenticated network requests, but the metadata does not declare corresponding permissions. This mismatch can undermine security review and consent controls because the skill's actual capabilities are broader than what a permission model would communicate to users or the host system.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The schema exposes an `isPublic` field but does not include an explicit warning that enabling it makes job results accessible without authentication via the public results behavior described elsewhere in the spec. In an agent context, this increases the risk of accidental data exposure because users or downstream tooling may treat it as a routine boolean without understanding the privacy consequence.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The dedicated endpoint for changing visibility to public/private lacks a strong warning about the security and privacy implications of making a job public, despite the results endpoint allowing unauthenticated access for public jobs. In an agent-driven workflow, this omission can lead to unintended publication of proprietary or sensitive biological sequences and associated prediction artifacts.

VirusTotal

65/65 vendors flagged this skill as clean.