Back to skill

Security audit

Product Tour Capture

Security checks across malware telemetry and agentic risk

Overview

This skill has a useful product-tour workflow, but it can modify a web app repository and deploy public tour content without enough upfront scoping or safeguards.

Install only if you are comfortable with the agent modifying the target Next.js repository and potentially publishing a public /tour page. Use staging or sanitized data, confirm the repo path, target URL, output directory, files to be overwritten, and deployment command before running it; avoid authenticated or production pages that could expose private information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest describes screen-recorded video capture with narration timing, but the body documents screenshot capture, file generation, and deployment. This mismatch can mislead operators and policy gates about what the skill actually does, causing it to be approved or invoked under incorrect assumptions about side effects and required controls.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The 'What this skill does' section contradicts the top-level metadata by documenting screenshot capture and deployment rather than video segment recording. In security review, contradictory documentation is dangerous because reviewers and automated tooling may rely on the wrong section and miss repository modification, deployment, and outbound browsing behavior.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation also fails to warn that it performs automated browsing against a live deployed app. This can interact with production data, trigger real workflows, and capture sensitive information in screenshots if operators assume it is safe for unrestricted use.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation also fails to warn that it performs automated browsing against a live deployed app. This can interact with production data, trigger real workflows, and capture sensitive information in screenshots if operators assume it is safe for unrestricted use.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.