MIS Logbook Submit

Security checks across malware telemetry and agentic risk

Overview

This skill transparently automates a real PENS MIS logbook submission using local credentials, so it is purpose-aligned but sensitive.

Install only if you want an agent to use your stored MIS credentials to submit real KP logbook entries. Keep the secrets file private, review the generated Indonesian activity text, date, and hours, and give explicit approval before the helper script is run.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill uses sensitive capabilities (environment secrets and network access) without explicitly declaring permissions, which weakens reviewability and consent boundaries for credential use and outbound actions. In this context, the skill logs into a real MIS portal using local secrets, so hidden capability use can enable unintended credential access or unauthorized submissions with limited visibility to operators.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The documented workflow promises approval-first behavior, evidence gathering, synthesis from same-day work, and verification, but the actual behavior reportedly submits arbitrary stdin text directly with default hours. That mismatch is dangerous because users and reviewers may trust the skill to enforce process controls that are not actually implemented, leading to false records, policy violations, or unauthorized submissions to an institutional system.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script performs a state-changing submission to the MIS logbook system as soon as input is provided, with no interactive confirmation, dry-run mode, or explicit acknowledgement of the irreversible action. In an agent skill context, this increases the risk of accidental or unauthorized submissions caused by bad prompts, incorrect evidence synthesis, or unintended invocation.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The script automatically loads local credentials from a secrets file and uses them to log into a real external service without any runtime disclosure or consent boundary. In an automation/agent setting, this can silently turn local secret material into live authenticated actions, making accidental account use and unauthorized submissions more likely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal