Smoke Test Generator

Security checks across malware telemetry and agentic risk

Overview

This is a visible API smoke-test example, but users should know it is tailored to a specific demo app rather than a generic test generator for every API.

Install only if you want an example smoke-test template. Before running it, inspect and customize the hard-coded endpoints and demo credentials, and prefer local or staging targets unless you are comfortable with its POST requests affecting a live service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 87%
Finding: The skill claims to be a generic smoke-test generator for any HTTP API, but the described behavior includes hard-coded endpoints, fixed credentials, and application-specific assumptions. This can mislead users into running tests against the wrong targets, unintentionally using embedded credentials, or trusting a supposedly generic skill that is actually tailored to a specific system, increasing the chance of accidental disclosure or unauthorized testing.

VirusTotal

66/66 vendors flagged this skill as clean.
