StylePilot

Security checks across malware telemetry and agentic risk

Overview

StylePilot is a coherent local wardrobe assistant that stores clothing data on the user's machine, with privacy hygiene notes but no evidence of hidden or malicious behavior.

Install this only if you are comfortable with a local wardrobe database that keeps clothing photos, metadata, outfit history, and feedback on the machine where the agent runs. Avoid adding images with faces, private background details, or location metadata unless you are comfortable retaining them locally, and manually review or delete the data directory when needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill instructs the agent to execute shell commands, write files, and interact with a local SQLite database, yet no permissions are explicitly declared. That mismatch weakens enforcement and review because an operator may assume the skill is non-privileged while it can persist user data and invoke local tooling.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill stores clothing photos and metadata locally, which can include sensitive personal information such as habits, travel plans, style preferences, and images from a private environment, but it does not tell users how long data is kept or how to delete it. This creates privacy and compliance risk because users may unknowingly provide persistent personal data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal