BugBug

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches the purpose of a BugBug connector, but its listing describes it as read/search only, while it also lets an agent run BugBug tests through a credentialed account.

Review this before installing if your BugBug workspace is production or credit-sensitive. Use it for explicit BugBug tasks, and require clear confirmation before running tests or any action that could consume resources or alter BugBug state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The skill metadata says BugBug usage should be limited to searching and reading data, but this action explicitly executes tests via `bugbug.run_test`. That capability expansion violates the stated trust boundary and can trigger state-changing operations in an external service, leading to unintended test runs, resource consumption, or operational disruption if invoked by an agent that assumes the skill is read-only.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger phrase 'Use this skill for ANY BugBug request' is overly broad and can cause the agent to invoke this skill for vague mentions of BugBug rather than clearly scoped actions. That increases the chance of unintended tool use, unnecessary access to connected account data, or execution of state-changing operations when the user's intent was only conversational or informational.

VirusTotal

64/64 vendors flagged this skill as clean.
