Back to skill

Security audit

License Selector

Security checks across malware telemetry and agentic risk

Overview

This license-selection skill is safe to install, but it includes unrelated promotional and affiliate links users should treat as advertising.

Before installing, be aware that the useful license-selection instructions are mixed with ads, affiliate links, and commercial contact information. Treat those links as advertising and verify any legal licensing advice independently for important projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Low
Confidence
94% confidence
Finding
The skill advertises itself as a license-selection assistant, but a substantial portion of the file is unrelated marketing content and affiliate links. This creates prompt-integrity and trust issues because the agent may surface promotional material instead of focusing on the user’s requested licensing guidance, and affiliate links can bias outputs toward the author’s commercial interests.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.