Aiqbee

Security checks across malware telemetry and agentic risk

Overview

Aiqbee is a coherent MCP integration, but installing it can let an agent change or delete business knowledge-graph records through your Aiqbee account without clear safety boundaries.

Review before installing. Use only with an Aiqbee account or workspace where agent write access is acceptable, confirm every update or delete request explicitly, and verify the OAuth destination and MCP endpoint before signing in.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill explicitly exposes create, update, and delete operations against a user's knowledge graph but provides no warning that these actions can modify or permanently remove user data. In an agent context, this increases the chance of unintended destructive actions from ambiguous prompts, user misunderstanding, or prompt-injection-driven tool use, especially because delete operations are available alongside routine read actions.

VirusTotal

63/63 vendors flagged this skill as clean.
