Back to skill

Security audit

Autoloop Controller

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed review helper, but it defaults to running nested review commands with full sandbox bypass, which is broader than most users would expect.

Install only if you are comfortable with a review helper that can launch nested reviewer commands with broad local authority by default. Prefer running it with `--no-yolo` or `AUTOREVIEW_YOLO=0`, avoid untrusted branches, and check any configured fallback reviewer before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly instructs use of shell execution (`python3 scripts/autoloop.py`) and writes persistent artifacts such as `autoloop_state.json`, `iteration_log.jsonl`, and handoff files, but declares no permissions. This mismatch is a real security issue because it hides operational capabilities from policy enforcement and review, making it easier for a caller to invoke file writes and subprocess behavior without explicit authorization boundaries.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.