Back to skill

Security audit

XferOps Sentry

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Sentry MCP setup guide, with expected but sensitive Sentry token handling.

Install only if you trust the Sentry MCP package and need an agent to access Sentry. Use a least-privilege Sentry token, store it in an approved secret manager or local secure config, avoid hardcoding or committing it, and rotate or revoke it when access is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs users to configure a live Sentry API token and mentions a concrete secret storage location and an already-configured machine, but it does not warn about token sensitivity, least-privilege scope, or the risk of exposing incident data. In this context, the skill enables access to organizations, projects, issues, and events, which can contain sensitive operational and application data, so casual handling of the token increases the chance of credential leakage or over-privileged access.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal