Opportunity Scout

Security checks across malware telemetry and agentic risk

Overview

Opportunity Scout is a disclosed market-research skill that searches public sources, runs bundled local Python helpers, and stores local findings for reports and trend tracking.

Install if you are comfortable with the agent running the included Python scripts, performing web searches, and storing public-source findings and history locally. Treat generated opportunity reports as leads to verify, and only enable cron or custom output paths when you intentionally want recurring scans and know where reports will be written.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill explicitly instructs the agent to create, read, and write local files such as config.json, history.json, temporary search-result files, and output digests, yet no permissions are declared. This creates a mismatch between the skill's documented behavior and its permission model, which can lead to unauthorized filesystem access or unsafe execution assumptions by the host environment.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal