Back to skill

Security audit

MidOS MCP — Knowledge OS for AI Agents

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate knowledge and memory MCP, but it also exposes broad command, file, network, and notification powers without clear safety boundaries.

Install only if you are comfortable granting this MCP more than search and memory access. Use sandboxing and explicit approval for shell, file, git, HTTP, Discord, and webhook actions; avoid storing secrets or regulated data in memory; and audit the external self-hosted repository before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly promotes persistent cross-session memory and session-resume behavior, but does not warn users that information they store may be retained and later resurfaced across sessions. In an agent setting, this can lead to unintended storage of sensitive prompts, user preferences, secrets, or internal project data, especially when operators assume interactions are ephemeral.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises shell execution, file read/write, git/HTTP fetch, and outbound notification tools without any safety notice, approval guidance, or scope restrictions. In an agent environment, these capabilities materially increase the risk of destructive local actions and unreviewed data exfiltration to third-party destinations such as webhooks or Discord.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.