Idea Capture

Security checks across malware telemetry and agentic risk

Overview

This skill is a useful local idea archive, but a crafted idea ID could make it write outside its documented ideas folder.

Review before installing. It does not appear malicious and has no network or credential behavior, but use only simple idea IDs such as lowercase slugs, avoid path-like IDs, and check changed files after running it until path validation is fixed.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill clearly instructs the agent to read and write repository files via `scripts/idea_capture.py`, but the skill metadata declares no explicit permissions. That mismatch can bypass operator expectations and policy checks, because a seemingly low-privilege skill is actually capable of modifying persistent project data under `ideas/` and related index/catalog files.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal