API Integration for RedHat MCP

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only API integration skill with sensible safety guidance, though its trigger metadata is malformed and the Red Hat branding is not verified.

Review generated API client code before using real credentials, start with least-privilege test tokens, and verify the publisher if Red Hat affiliation matters. The malformed trigger metadata should be corrected before relying on predictable skill activation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger configuration is malformed and overly ambiguous: `triggers: System.Object[]` does not define concrete activation phrases, scope, or constraints. In an agent environment, unclear trigger semantics can cause the skill to activate unexpectedly or too broadly, increasing the chance of misuse, unintended execution paths, or invocation in contexts involving sensitive API operations.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal