HuDy

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward HuDy MCP setup guide for Korean holiday and business-day tools, with expected API-key use and disclosed custom holiday management.

Install only if you intend to use hudy.co.kr and are comfortable sending queried dates and custom holiday names to that service. Keep HUDY_API_KEY private, and confirm the exact date/name before allowing create, update, or delete actions because those records can affect later business-day calculations and calendar sync.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 94% confidence
Finding: This skill sends user queries and custom holiday management data to an external HuDy MCP service, but the description does not clearly disclose that queried dates and custom holiday metadata leave the platform. While the data involved is usually low sensitivity, custom holidays can encode internal business events or personal schedule information, so the lack of disclosure creates a privacy and informed-consent issue.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal