Reformed Books Search & Download

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward helper for searching a specific external theology book site, with the main caution that it uses plain HTTP and may lead to unverified downloads.

Install only if you want an agent to help search this specific external book site. Because the site and downloads use plain HTTP, verify that any downloaded document is legitimate and legal for you to access, and scan files before opening them.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 90% confidence
Finding: The skill promises search and download functionality, but the content mainly provides manual browser instructions and does not clearly implement or constrain actual retrieval behavior. This mismatch is dangerous because users and orchestrators may trust the declared purpose while the skill can instead drive browsing to arbitrary external endpoints or fail in ways that obscure what actions are really being taken.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal