Back to skill

Security audit

Western Blot Quantifier

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it substantially overstates its scientific analysis capabilities and may give users false confidence in results.

Review carefully before installing or using for research. Treat this as incomplete demo code, not a validated Western blot quantification tool, and do not rely on its outputs for scientific conclusions unless the implementation is corrected and independently tested.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill claims normalized Western blot quantification relative to loading controls, but the implementation only divides each band by the first detected band in a selected lane. In a scientific analysis context, this can produce misleading quantitative results and incorrect biological conclusions because loading-control matching and per-lane normalization are not actually performed.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill advertises analysis of a user-supplied image via the --image argument, but the executable never opens or processes that file and only supports demo output. This is dangerous because users may trust the tool to analyze experimental data when it is actually ignoring the provided input, leading to false confidence, bad downstream decisions, and integrity issues in research workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.