openc3-flow

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the disclosed job of listing Open-C3 CI/CD flows, but it requires an app key and can expose broad pipeline metadata.

Install only if you are comfortable giving the skill an Open-C3 app name and key that can list all CI/CD flows. Keep config.env private, restrict its permissions, use a read-only or least-privilege app key if available, and treat the generated flow inventory as sensitive infrastructure information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill invokes shell commands (`curl`, `jq`) and handles sensitive authentication material (`APP_KEY`), but it declares no permissions or equivalent capability boundaries. This creates a real security issue because consumers may not understand that the skill performs network access and shell execution, increasing the risk of unexpected outbound requests, credential exposure, or misuse in environments that rely on permission declarations for policy enforcement.

Credential Access

High
Category
Privilege Escalation
Content

```bash
# SCRIPT_DIR is assumed to be set earlier in the skill's script (not shown in this excerpt)
SKILL_DIR="$(dirname "$SCRIPT_DIR")"

# Load configuration (config.env holds the Open-C3 app name and APP_KEY)
if [ -f "$SKILL_DIR/config.env" ]; then
    source "$SKILL_DIR/config.env"
else
    echo "Error: config.env not found in $SKILL_DIR"
    exit 1
fi
```
Confidence
90% confidence
Finding
.env"

VirusTotal

64/64 vendors flagged this skill as clean.
