Back to skill

Security audit

Sudoku

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a normal Sudoku helper that fetches public puzzles, saves local puzzle files, renders them, and prints optional share links.

Install only if you are comfortable with the skill contacting sudokuonline.io, installing the listed Python libraries, and creating local Sudoku files that include full solutions and generated share URLs. Treat generated links as shareable puzzle content and avoid publishing them if you want a puzzle solution or identifier kept private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly documents network access, reading/writing files in the workspace, and Python execution, but the manifest does not declare equivalent permissions. This creates a transparency and policy-enforcement gap: users or orchestrators may approve the skill without understanding that it can exfiltrate data over the network or persist files locally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
83% confidence
Finding
The declared purpose is narrower than the documented functionality: besides fetching and rendering puzzles, the skill can generate external share links, render HTML/PDF outputs, and reveal partial solution data. This mismatch can mislead reviewers about the skill's outbound sharing and output-generation behavior, increasing the chance of overbroad trust or unintended data disclosure.

Description-Behavior Mismatch

Low
Confidence
76% confidence
Finding
The manifest omits the documented capability to generate share links, which is security-relevant because it involves creating outbound references to external services. While the shared content appears limited to puzzle data, undocumented sharing functionality reduces transparency and can bypass user expectations about what the skill does with stored content.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The documentation says puzzles are fetched and stored, but it does not explicitly warn that this sends requests to an external service and writes JSON into the workspace. Even if the data is low sensitivity, failing to disclose network transmission and local persistence can violate least-surprise expectations and lead users to expose metadata or clutter/overwrite workspace files unintentionally.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.