System Vigil

Security checks across malware telemetry and agentic risk

Overview

System Vigil is a small, disclosed local health-check skill that reports disk, memory, and CPU load without evidence of network access, persistence, credential access, or mutation.

Install this if you want an agent to read basic local machine health metrics. Avoid using it where disk, memory, or load information is considered sensitive, since those values can appear in agent output or logs.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 94% confidence
Finding: The skill documentation shows execution of a local Python script that invokes shell utilities (`df`, `free`, `uptime`) and likely reads host system state, but the manifest does not declare corresponding permissions. This creates a transparency and policy-bypass problem: agents or platforms may approve or run the skill without understanding that it performs shell execution and host inspection.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal