Questionnaire Codebook Maker

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward questionnaire codebook helper that reads a user-supplied CSV and writes local Markdown/TSV outputs.

Install if you want a local helper for questionnaire codebooks. Run the script only on CSV files you intend to process, choose an output directory where overwriting codebook.md and variable_map.tsv is acceptable, and avoid placing confidential survey data in shared folders unless that is intended.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill declares no explicit permissions, yet it advertises and instructs use of a helper script that reads input files and writes output files. This creates a capability/permission mismatch: an agent or reviewer may treat the skill as lower risk than it really is, while the documented workflow performs filesystem operations that could access unintended local files or overwrite data if invoked on attacker-controlled paths.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal