ddddd

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a legitimate OpenAI documentation helper, but it tells the agent to install an MCP server and retry with elevated permissions as part of a docs lookup workflow.

Install only if you are comfortable with the skill modifying your Codex MCP configuration to add OpenAI's docs server. Prefer manually approving any MCP setup yourself, and do not allow elevated-permission retries unless you understand the local config change.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

High

Confidence: 97% confidence
Finding: The skill is for documentation retrieval, but it instructs the agent to modify the local environment by installing an MCP server and then retrying with escalated permissions. That expands the skill from passive information access into autonomous system change and privilege elevation, creating a path for unauthorized tool installation, policy bypass, or abuse if the skill content or target endpoint is ever compromised.

Intent-Code Divergence

Medium

Confidence: 89% confidence
Finding: The skill first says the agent should fall back to web search if MCP tools are unavailable, but later overrides that with local installation and privilege escalation steps. This inconsistency is dangerous because it normalizes unexpected environment modification in a low-risk docs workflow and can cause the agent to take more invasive actions than the user requested.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal