TSE Eleições

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Python client for public Brazilian election data APIs, with no evidence of hidden credential use, persistence, or destructive behavior.

Install only if you are comfortable with the skill making outbound requests to the documented TSE and CKAN public endpoints. No credentials should be needed. Use a virtual environment and review the live GitHub repository if you choose to clone it instead of relying only on the packaged files.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill documentation describes and demonstrates network access to external TSE and CKAN endpoints, but the skill declares no corresponding permissions. This creates a transparency and policy-enforcement gap: users or hosting platforms may treat the skill as less privileged than it really is, leading to unintended outbound requests and weakened review controls.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal