Ai Product Description Writer

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: it sends product details to xAI/Grok to generate product descriptions.

Use a dedicated xAI API key and avoid submitting confidential product launches, customer data, or proprietary details unless your organization is comfortable with that data being processed by xAI.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill declares use of an environment secret and outbound network access but does not explicitly declare permissions, which weakens platform-level transparency and control. In this context, the skill needs both capabilities to call the Grok API, but the absence of explicit permission metadata can hide the true trust boundary and increase the chance of unintended secret exposure or unauthorized external requests.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal