CapForge

Security checks across malware telemetry and agentic risk

Overview

CapForge is a disclosed repository-scanning skill that writes local workspace files, with no evidence of hidden credential access, exfiltration, destructive behavior, or unrelated authority.

Install only if you are comfortable trusting the external capforge npm package. Prefer the installed capforge binary or a pinned reviewed package version over npx, review every proposed command and repository URL before approving it, and keep ~/.capforge limited to repositories and generated summaries you are comfortable storing locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill explicitly claims it avoids unauditable remote execution, but later instructs the agent to run `npx capforge transform <project-name>`. Using `npx` can fetch and execute code at runtime if the package is not already pinned and locally installed, which contradicts the safety claim and weakens supply-chain assurances.

VirusTotal

63/63 vendors flagged this skill as clean.