Debugger

Security checks across malware telemetry and agentic risk

Overview

This is a local debugging helper that analyzes pasted errors or user-chosen log files and does not show hidden network, destructive, or credential-stealing behavior.

Install only if you are comfortable running a local bash/Python debugging helper. Use pasted snippets or log files you deliberately want analyzed, avoid pointing it at credential files or sensitive logs, and review any suggested commands before running them yourself.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 86% confidence
Finding: The skill advertises executable command-style behavior and explicitly lists runtime requirements like bash and python3, while the static analyzer detected shell, environment access, and file-write capabilities without any declared permissions. That mismatch is dangerous because users or hosting platforms cannot accurately assess what the skill may access or modify, increasing the risk of unintended command execution, secret exposure from environment variables, or overwriting local files during debugging workflows.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal