baeckerherz

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed brand-information helper whose included script only prints static Baeckerherz details.

This appears safe for its stated purpose. Before installing, note that it asks for command execution so the agent can run its included local script; users who only want static documentation could inspect the SKILL.md or README instead of granting exec.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The manifest requests the "exec" permission even though the skill is described as a brand/feature overview and planning namespace, which should not normally require command execution. This mismatch increases the risk that the skill can run local shell commands under misleading pretenses, expanding attack surface and enabling abuse if the referenced script is unsafe or later modified.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The description presents the skill as informational and organizational metadata, but the manifest is configured to run a shell script via the scripts field. For a namespace/branding skill, executable behavior is unexpected and can conceal side effects, making users more likely to grant trust to a package that can actually execute commands.

VirusTotal

65/65 vendors flagged this skill as clean.
