contract diagram

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended to view and manage Mermaid contract diagrams, but its local server exposes broad local file access and automatic write behavior without enough safeguards.

Review before installing. Use only with non-sensitive Markdown files, stop the localhost server when done, and avoid exposing port 8080 beyond your machine. The skill should be tightened to restrict reads and writes to an explicit allowed file or workspace and to require clear user confirmation before modifying files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill declares no dependencies or permissions, but the documented localhost trigger explicitly instructs the agent to start a local server, execute a shell script in the background, and open a browser against a user-controlled path. This creates undeclared shell and network capabilities, which can surprise downstream policy enforcement and may be abused for unintended file access or command execution workflows if PATH handling is unsafe in the wrapper or serving layer.

VirusTotal

66/66 vendors flagged this skill as clean.
