Agentic Mcp Server Builder Conflict

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed MCP scaffolding helper that can create starter files, with a broad, opt-in path override that users should handle carefully.

Run the scaffold script in dry-run mode first, and point scaffold_root and --output at a new, empty project directory. Avoid --allow-outside-workspace unless you deliberately want files written outside the current workspace, because in non-dry-run mode the script can overwrite the fixed starter filenames it creates.
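As an added example (not the skill's own script, whose contents are not shown on this page), the following Python implements the two controls the overview relies on: a workspace-boundary check that resolves symlinks and `..` before comparing paths, bypassed only by an explicit allow-outside-workspace flag, and a dry-run plan that reports which starter files would be created or overwritten before anything is written. The function names, flag names, starter filenames and directory layout are assumptions for illustration.

```python
"""Hardened scaffold helper (added example; not the skill's own script).

Assumed interface: a scaffolder that takes a scaffold_root, a dry_run flag,
an allow_outside_workspace override and a force flag. All names are
hypothetical and the starter file set is constructed for this example.
"""
import tempfile
from pathlib import Path

# Fixed starter filenames the scaffolder writes (constructed sample).
STARTER_FILES = {
    "server.py": "# MCP server starter\n",
    "README.md": "# New MCP server\n",
}


def is_inside(workspace: Path, target: Path) -> bool:
    """True if target lies within workspace after resolving symlinks and '..'.

    Comparing raw strings would let 'workspace/../elsewhere' or a symlink
    planted inside the workspace escape the boundary; resolve() closes both.
    """
    ws = workspace.resolve()
    tgt = target.resolve()
    return tgt == ws or ws in tgt.parents


def plan_scaffold(workspace, scaffold_root, allow_outside_workspace=False):
    """Return [(destination_path, 'create' | 'overwrite')] without touching disk."""
    root = Path(scaffold_root)
    if not allow_outside_workspace and not is_inside(Path(workspace), root):
        raise PermissionError(f"refusing to scaffold outside workspace: {root}")
    plan = []
    for name in STARTER_FILES:
        dest = root.resolve() / name
        plan.append((dest, "overwrite" if dest.exists() else "create"))
    return plan


def scaffold(workspace, scaffold_root, dry_run=True,
             allow_outside_workspace=False, force=False):
    """Apply the plan; dry_run only reports it, and overwrites need force=True."""
    plan = plan_scaffold(workspace, scaffold_root, allow_outside_workspace)
    if dry_run:
        return plan
    if any(action == "overwrite" for _, action in plan) and not force:
        raise FileExistsError("starter files already exist; pass force=True to overwrite")
    Path(scaffold_root).mkdir(parents=True, exist_ok=True)
    for dest, _ in plan:
        dest.write_text(STARTER_FILES[dest.name])
    return plan


def demo():
    """Exercise the checks in a throwaway directory and return what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp) / "workspace"
        ws.mkdir()
        inside = ws / "new-server"
        # Dry run inside the workspace: two files would be created, none written.
        results["dry_run_actions"] = [a for _, a in scaffold(ws, inside, dry_run=True)]
        # A '..' path escaping the workspace is refused without the override.
        try:
            scaffold(ws, ws / ".." / "elsewhere", dry_run=True)
            results["outside_blocked"] = False
        except PermissionError:
            results["outside_blocked"] = True
        # The explicit override permits the same path.
        results["outside_with_flag"] = len(scaffold(
            ws, Path(tmp) / "elsewhere", dry_run=True, allow_outside_workspace=True))
        # A real run writes the starters; a second run refuses to clobber them.
        scaffold(ws, inside, dry_run=False)
        results["files_written"] = sorted(p.name for p in inside.iterdir())
        try:
            scaffold(ws, inside, dry_run=False)
            results["overwrite_blocked"] = False
        except FileExistsError:
            results["overwrite_blocked"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The boundary test deliberately runs before any directory is created, so a refused path leaves no trace on disk, and the plan is computed once and reused for the real write so the dry-run report cannot diverge from what a subsequent run does.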

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding
The skill instructs the agent to run a local scaffold script and read a reference file, which implies file read/write behavior, but the skill does not declare corresponding permissions. This creates a trust and review gap: consumers may believe the skill is metadata-only while it can materially modify the workspace by generating starter artifacts.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The `--allow-outside-workspace` flag explicitly disables the workspace-boundary check and permits scaffolding to arbitrary resolved paths on the filesystem. In an agentic context, this broadens a project scaffolding tool into a general file-writing primitive, which can overwrite or plant files outside the intended project scope if untrusted input controls `scaffold_root`.

VirusTotal

65/65 vendors flagged this skill as clean.
