OPC Product Manager

Security checks across malware telemetry and agentic risk

Overview

This is a useful product-spec skill, but it also persists product records to the local workspace and links contract or invoice data from other skills without clear scoping or an approval step.

Install only if you are comfortable with it saving product specs and metadata locally. Use a dedicated products directory, review generated files before handing them to another agent, and require explicit approval before it reads or links landing-page, contract, or invoice records.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3
Severity: Medium
Category: MCP Least Privilege
Confidence: 96%
Finding: The skill instructs file reads and writes (`read_file(...)`, creating product directories, writing `spec.md`/`metadata.json`) but does not declare permissions or warn the user that workspace state will be modified. Hidden write capability increases the risk of unexpected persistence, accidental overwrites, and broader access than a user would infer from the manifest.
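
The check behind this finding can be automated. The following is an added example, not code from the SkillSpector report or from the OPC Product Manager skill: it extracts capability markers from a skill's instruction text and compares them with the permissions its front matter declares. The front-matter format, the marker patterns, the permission names and the sample skill document are all constructed assumptions for this example.

```python
# Added example (not code from the SkillSpector report or the OPC Product Manager skill):
# a minimal static check for the least-privilege mismatch described in finding Lp3.
# It pulls capability markers out of a skill's instruction text and compares them with
# the permissions the skill's front matter declares. The front-matter format, the marker
# patterns and the sample skill document are all constructed assumptions for this example.
import re

# Marker patterns mapped to the permission they imply. Assumption: these phrasings are
# what instruction text typically uses; a real checker would carry a much longer list.
CAPABILITY_PATTERNS = {
    "fs.read": [
        r"\bread_file\s*\(",
        r"\bload(?:ing)?\s+(?:the\s+)?templates?\b",
    ],
    "fs.write": [
        r"\bwrite_file\s*\(",
        r"\bcreate\s+(?:a\s+)?(?:product\s+)?director(?:y|ies)\b",
        r"\bwrit(?:e|ing)\s+`?[\w./-]+\.(?:md|json)`?",
    ],
    "exec": [
        r"\brun\s+(?:the\s+)?(?:local\s+)?python\s+script\b",
        r"\bpython3?\s+[\w./-]+\.py\b",
    ],
    "cross_skill": [
        r"\b(?:contract|invoice|landing[- ]page)\s+(?:records?|data)\b",
    ],
}


def split_front_matter(doc):
    """Split a skill document into (front matter lines, body).
    Assumes the file opens with a '---' delimited front matter block."""
    parts = doc.split("---\n", 2)
    if not doc.startswith("---\n") or len(parts) < 3:
        return [], doc
    return parts[1].splitlines(), parts[2]


def declared_permissions(front_lines):
    """Collect the 'permissions:' list from the front matter (constructed YAML-like format)."""
    perms, in_list = set(), False
    for line in front_lines:
        if line.strip() == "permissions:":
            in_list = True
        elif in_list and line.lstrip().startswith("- "):
            perms.add(line.strip()[2:].strip())
        else:
            in_list = False
    return perms


def used_capabilities(body):
    """Return {capability: [matched snippets]} for every marker found in the instructions."""
    found = {}
    for cap, patterns in CAPABILITY_PATTERNS.items():
        hits = [m.group(0) for pat in patterns for m in re.finditer(pat, body, re.IGNORECASE)]
        if hits:
            found[cap] = hits
    return found


def undeclared_capabilities(doc):
    """Capabilities the instructions exercise but the front matter never declares."""
    front, body = split_front_matter(doc)
    declared = declared_permissions(front)
    return {cap: hits for cap, hits in used_capabilities(body).items() if cap not in declared}


# Constructed sample: a skill that declares only fs.read but instructs writes, script
# execution and cross-skill reads, mirroring the Lp3 pattern.
SAMPLE_SKILL = """---
name: example-spec-writer
description: Generate a product spec from a one-line idea.
permissions:
  - fs.read
---
When asked for a full spec, read_file("templates/spec.md"), then create a product directory
under products/<slug>/ and write `spec.md` and `metadata.json` there.
For status reports, run the local python script scripts/index.py over every product.
If the user mentions billing, pull the related contract records from the contract manager skill.
"""

if __name__ == "__main__":
    for cap, hits in undeclared_capabilities(SAMPLE_SKILL).items():
        print(f"undeclared {cap}: {hits}")
```

Run against the constructed sample, the checker reports fs.write, exec and cross_skill as undeclared while fs.read passes; once the front matter lists all four, it reports nothing. A pattern list like this only catches phrasings it knows about, so treat an empty result as "nothing obvious" rather than as a clean bill.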

Tp4
Severity: High
Category: MCP Tool Poisoning
Confidence: 94%
Finding: The advertised purpose is product-spec generation, but the documented behavior also performs product indexing, status reporting, metadata aggregation, and local script execution over stored product records. This mismatch can mislead users into granting or tolerating broader local-data access and mutation than necessary for the stated task.

Description-Behavior Mismatch
Severity: Medium
Confidence: 91%
Finding: The archive and cross-skill linkage section expands the skill from spec generation into local record management and data correlation across other skills. That broadens the reachable data surface and creates opportunities to read or persist unrelated project information without a clear, purpose-bound need.

Description-Behavior Mismatch
Severity: Medium
Confidence: 89%
Finding: Dashboard mode introduces portfolio-wide discovery and reporting over local product directories, which is materially different from generating a spec for a single idea. In context, that makes the skill more dangerous because it encourages broad enumeration of stored project metadata under a narrower description.

Context-Inappropriate Capability
Severity: Medium
Confidence: 95%
Finding: Cross-skill access to contract and invoice data is not necessary for basic product-spec generation and can expose sensitive business information such as billing terms and related invoices. Pulling data from other manager skills increases the blast radius from a harmless planning assistant to a multi-domain data aggregator.

Vague Triggers
Severity: Medium
Confidence: 88%
Finding: The mode-detection logic defaults ambiguous input to Full spec, which can trigger file reads, template loading, archiving, and later script execution without a clear user request. Broad triggering increases the chance of unintended activation and side effects from ordinary conversational input.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The skill directs the agent to create directories, write files, and run a local Python script without any user-facing warning or approval step. Silent workspace modification is risky because it can overwrite state, create persistent artifacts, or execute local logic the user did not expect from a spec-writing assistant.
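
The two findings above (Vague Triggers and Missing User Warnings) share one fix: route ambiguous input to the mode with no side effects, and gate every side-effecting mode behind an explicit trigger plus a user approval. The following is an added example, not code from the report or from the OPC Product Manager skill, showing that routing. Mode names, trigger phrases, side-effect labels, the approval prompt text and the handler stand-ins are constructed assumptions for this example.

```python
# Added example (not code from the SkillSpector report or the OPC Product Manager skill):
# a mode router that addresses the Vague Triggers and Missing User Warnings findings.
# Ambiguous requests fall back to a 'quick' mode that answers in the conversation and
# touches nothing on disk; every mode with side effects needs an explicit trigger phrase
# and an approval callback that returns True before it runs. Mode names, trigger phrases,
# side-effect labels and the handlers are constructed assumptions for this example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Mode:
    name: str
    triggers: tuple            # explicit phrases; a mode is never chosen without one
    side_effects: tuple = ()   # what the user is asked to approve before the mode runs


# Fail-closed: the fallback is the mode with no side effects, not the broadest one.
QUICK = Mode("quick", ())
MODES = (
    Mode("full", ("full spec", "write the spec", "save the spec"), ("fs.read", "fs.write")),
    Mode("dashboard", ("dashboard", "status report"), ("fs.read", "exec")),
    Mode("archive", ("archive", "link contract", "link invoice"), ("fs.write", "cross_skill")),
)


def detect_mode(request):
    """Pick a mode only on one unambiguous explicit trigger; otherwise return QUICK."""
    text = request.lower()
    matches = [m for m in MODES if any(t in text for t in m.triggers)]
    return matches[0] if len(matches) == 1 else QUICK


def approval_prompt(mode):
    """The warning shown before a side-effecting mode runs (wording is an assumption)."""
    return (f"Mode '{mode.name}' will use {', '.join(mode.side_effects)} on this workspace. "
            "Proceed?")


def run_skill(request, approve, handlers):
    """Route a request; side-effecting modes run only after approve(prompt) returns True."""
    mode = detect_mode(request)
    if mode.side_effects and not approve(approval_prompt(mode)):
        return {"mode": mode.name, "ran": False, "reason": "approval denied"}
    return {"mode": mode.name, "ran": True, "result": handlers[mode.name](request)}


# Constructed stand-ins for the skill's own mode logic; each reports what it would do.
HANDLERS = {
    "quick": lambda req: f"outline drafted in conversation, nothing saved: {req}",
    "full": lambda req: "would read templates and write products/<slug>/spec.md",
    "dashboard": lambda req: "would enumerate products/ and run the index script",
    "archive": lambda req: "would link contract/invoice records into metadata.json",
}

if __name__ == "__main__":
    deny_all = lambda prompt: False
    print(run_skill("Give me a spec for a smart mug", deny_all, HANDLERS))  # quick, runs
    print(run_skill("Show me the dashboard", deny_all, HANDLERS))           # blocked
```

Two design choices matter here. First, a request that matches more than one trigger is treated as ambiguous and also falls back to quick mode, so a conversational message that happens to contain several keywords never silently picks the broadest mode. Second, the approval callback receives the prompt text, which names the side effects, so the same gate can sit in front of an interactive confirmation or an automated policy check.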

VirusTotal

66/66 vendors reported this skill as clean (0 detections).