Back to skill

Security audit

lmeterx-web-loadtest

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real LMeterX load-testing skill, but it can automatically create remote load-test tasks for arbitrary websites with weak consent, credential, and transport-safety controls.

Install only if you intentionally want an agent to create LMeterX load-test tasks. Use it only on systems you own or are explicitly authorized to test, avoid private or secret-bearing URLs, replace the default token with a user-scoped credential, and require manual confirmation of target, concurrency, duration, and authorization before any run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill performs environment-variable handling and networked actions, including executing a script that analyzes a target URL and creates load-testing tasks, yet it declares no permissions. This hides sensitive capabilities from the platform and user, weakening policy enforcement and making unintended or unsafe network activity harder to review or constrain.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The script creates the HTTP client with TLS certificate verification disabled (`verify=False`) for all requests to the LMeterX backend. This makes the authentication token and all request/response data vulnerable to man-in-the-middle interception or tampering, which is especially risky because this skill automatically analyzes user-supplied URLs and creates load-test tasks based on backend responses.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The code falls back to a hardcoded default token value (`lmeterx`) when `LMETERX_AUTH_TOKEN` is unset, despite presenting authorization as an automatic secure control. A built-in credential undermines authentication assumptions, may permit unauthorized access if accepted by the backend, and encourages deployments with missing secret management.

Vague Triggers

High
Confidence
97% confidence
Finding
The skill says it must be used whenever a user mentions general terms like "website," "webpage," "load testing," or provides any apparent website URL. That routing is overly broad and can hijack many benign conversations, causing automatic execution of a script that initiates external analysis and load-test task creation against arbitrary targets.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list contains broad phrases like 'web loadtest' and multiple generic website-performance requests without constraints on authorization, ownership, or execution safety. This increases accidental invocation risk and can lead to network-impacting operations being launched from casual or ambiguous user requests.

Missing User Warnings

High
Confidence
99% confidence
Finding
The description instructs immediate execution of page analysis, API pre-checks, and batch creation of load-testing tasks as soon as a URL is provided, with no health checks or safety gate. In a load-testing context, automatic execution against arbitrary URLs can generate harmful traffic, test unauthorized systems, and potentially facilitate abuse or denial-of-service activity.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.