Back to skill

Security audit

Uptime Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward uptime-monitoring skill that checks user-specified URLs, optionally sends alerts, and keeps local logs.

Install only if you are comfortable letting the skill make HTTP requests to URLs you provide and send outage details to any configured webhook or email address. Avoid secrets in monitored URLs, use a narrowly scoped webhook, and periodically clear local uptime logs if endpoint names or history are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill declares no permissions even though it clearly invokes shell-based capabilities and performs network operations via curl. This creates a transparency and policy-enforcement gap: users or the platform may approve the skill without understanding that it can execute shell commands, access environment variables, send outbound requests, and write logs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.