MCP Scaffolder
Security checks across malware telemetry and agentic risk
Overview
This instruction-only skill coherently scaffolds MCP server projects and does not include code, hidden behavior, credentials, or persistence.
Before using the generated scaffold, review the generated MCP config and replace placeholder absolute paths and env values with your own. Do not put real secrets into examples, and audit any generated MCP server code before running it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
49/49 vendors flagged this skill as clean.
