Embodied Task Decomposition

Security checks across malware telemetry and agentic risk

Overview

This is a robot task-planning skill with a local validator and editable action list, but it does not show hidden network, credential, or execution behavior.

Install only if you need robot-oriented task decomposition. Review every generated step before using it with a real robot, and manually approve any additions to the action bank so broad or unsafe actions do not become future defaults.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 70%
Finding: Without declared permissions the skill's intent is opaque and cannot be validated.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 99%
Finding: This is a clear mismatch because the declared purpose says the skill performs task decomposition for robot execution using an image plus task instruction, but the provided code does not process images, does not interpret user task instructions, and does not generate subtasks. Its primary function is to validate already-written subtasks against formatting/action-bank rules and to check whether new actions duplicate existing ones. Those behaviors are materially different from the claimed decomposition capability.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding: The manifest describes a skill for decomposing a user-provided physical task into atomic robot subtasks. However, SKILL.md additionally instructs the agent to add new actions to action-bank.md, which introduces repository/document modification behavior unrelated to simply analyzing an image and producing a decomposition.

Vague Triggers

Medium
Confidence: 95%
Finding: The manifest says the skill triggers on phrases like "task instruction" or "any request to turn a high-level instruction into step-by-step robot actions," which is ambiguous and broad for a markdown skill description. It does not provide clear exclusions or negative examples, so common decomposition requests could invoke the skill even when the user is not asking for embodied robot-task planning from an image.

VirusTotal

59/59 vendors flagged this skill as clean.
