Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
PharmGx Reporter
Security checks across malware telemetry and agentic risk
Overview
This is a local pharmacogenomics report generator that reads a user-chosen genetic data file and writes a user-chosen markdown report, with sensitive-health-data cautions but no evidence of hidden or unrelated behavior.
Install only from a source you trust, run it only on genetic files you intentionally select, and save generated reports in a private location. Do not change, stop, or dose medications based on this report without review by a qualified clinician and confirmatory clinical-grade testing.
SkillSpector
By NVIDIA
Vulnerability Patterns
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)
Missing User Warnings
Medium
- Confidence
- 84% confidence
- Finding
- This code writes a markdown report containing detailed pharmacogenomic profiles, detected variants, and medication recommendations derived from a user's genetic data. Although the script states its research/educational purpose, it does not clearly warn in the code usage/help text that running it will persist highly sensitive health/genetic information to disk.
VirusTotal
66/66 vendors flagged this skill as clean.