Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
0xscada
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed local 0xSCADA server wrapper, but it needs review because it can run an unreviewed external project with sensitive SCADA, Flux, and blockchain credentials.
Install only if you trust and have inspected the 0xSCADA repository set as SCADA_DIR. Use test or least-privilege keys and tokens, avoid production SCADA telemetry and funded private keys until server behavior is verified, and confirm how to stop the background server.
SkillSpector
By NVIDIA
Vulnerability Patterns
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)
Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 96% confidence
- Finding
- This is a mismatch because the description promises substantial domain functionality—SCADA/blockchain bridging, audit trails, Kannaka memory integration, telemetry and geometry APIs—but the provided code only manages the lifecycle/status of a local 0xSCADA server. None of the advertised industrial, blockchain, memory, telemetry, or classification behavior is implemented here. While a wrapper script could be supportive utility code, the declared purpose describes the skill itself as providing those capabilities, and this code does not actually expose or implement them; instead it only starts and checks a local service.
VirusTotal
64/64 vendors flagged this skill as clean.