Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Alpha Vantage CLI
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward Alpha Vantage API helper that asks for an API key and only fetches market data from the expected service.
Provide an Alpha Vantage API key only if you intend to use the service, prefer an environment variable or secret manager over command-line arguments, and monitor quota usage if agents may make repeated data requests.
SkillSpector
By NVIDIA
Vulnerability Patterns
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)
VirusTotal
66/66 vendors flagged this skill as clean.