🌐 Deploy HTML content to EdgeOne Pages

Security checks across malware telemetry and agentic risk

Overview

This skill is a small, transparent helper for publishing user-provided HTML or text to a public EdgeOne Pages URL.

Install only if you are comfortable using mcporter and the EdgeOne deployment endpoint. Do not deploy secrets, tokens, private notes, proprietary code, or internal files, because the submitted content is intended to become publicly accessible and the artifact does not describe removal or retention controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs users to send arbitrary HTML or text to a third-party EdgeOne service and states that it will return a public URL, but it does not clearly warn that the content is transmitted off-platform and published publicly. This can cause accidental disclosure of sensitive data, credentials, internal documents, or proprietary code if a user assumes the action is local or private.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal