Back to skill

Security audit

Uptime Kuma

Security checks across malware telemetry and agentic risk

Overview

This skill appears to manage Uptime Kuma as advertised, but it can use stored credentials to make disruptive monitoring changes without built-in safety checks.

Install only if you are comfortable giving this skill an Uptime Kuma account that can change monitoring configuration. Prefer a least-privilege account, verify monitor IDs before any change, require human confirmation before delete or pause-all actions, and consider reviewing or pinning the external Python dependency.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation instructs use of environment variables containing Uptime Kuma credentials, but the skill declares no permissions despite clearly relying on access to sensitive environment data. This creates a trust and review gap: operators may enable the skill without realizing it can access credentials and interact with an authenticated monitoring system.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger description is broad enough to match general discussion of uptime, server health, or monitoring, which can cause the skill to activate in contexts where the user did not intend operational changes. Because this skill supports state-changing actions such as add, pause, resume, and delete, over-invocation increases the risk of unintended administrative operations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation exposes a direct delete command for monitors without any warning, confirmation step, or mention of irreversibility. In an agent-driven setting, this raises the chance of accidental destructive actions that remove monitoring coverage and can hide outages or reduce visibility into service health.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.