Jingyi Module

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed documentation lookup and code-generation helper, with no evidence of hidden data access, persistence, or unsafe behavior.

Before installing, understand that command lookups may send the command id or name to ec.ijingyi.com. Also note that the inspected package does not include the advertised command index file, so search may fail unless the index is supplied or rebuilt.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill instructs the agent to run local Python scripts and to fetch data from an external website, which implies filesystem and network access, yet no permissions are declared. This creates a transparency and governance gap: a caller or platform may treat the skill as low-privilege while it actually performs higher-risk operations such as reading local datasets and making outbound requests.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 88%
Finding: The declared purpose says the skill searches docs and generates runnable code, but the described behavior also includes maintaining a local index from a sibling dataset and relying on undocumented local data sources. This mismatch can mislead users and security controls about what the skill actually does, increasing the chance of unreviewed data access paths and unsafe operational assumptions.

VirusTotal

66/66 vendors flagged this skill as clean.
