MCPGlue — MCP Bridge Framework

Security checks across malware telemetry and agentic risk

Overview

This Wolai notes helper is purpose-aligned, but it grants broad account access through a powerful token and raw MCP calls without enough guardrails.

Install only if you trust this publisher with your Wolai workspace. Use a dedicated/revocable Wolai MCP token, do not paste it into chat, avoid using permanent delete unless you have backups, and review each write or delete operation before allowing the agent to run it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill exposes MCP bridging capability to external services but does not declare corresponding permissions or trust boundaries. That can cause the host or reviewers to underestimate the skill's ability to invoke external MCP servers, which may in turn provide file access, network access, API operations, or other powerful delegated actions.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 92%
Finding
The skill description materially overstates and misrepresents the implemented behavior, including claimed SSE support, resource reading, dynamic tool registration, streaming behavior, and use of a different SDK. This kind of mismatch is dangerous because operators may rely on the documented security model and capabilities when approving or sandboxing the skill, leading to incorrect trust decisions and insufficient review of the actual implementation.

VirusTotal

62/62 vendors flagged this skill as clean.
