Mastodon Scout

Security checks across malware telemetry and agentic risk

Overview

Mastodon Scout is a transparent read-only Mastodon viewer, but users must keep its bearer token limited to read scope and only use trusted instance URLs.

Install only if you are comfortable giving the skill a Mastodon OAuth token. Create a dedicated token with only the read scope, set the instance to the exact Mastodon server that issued the token, and do not run it with untrusted --instance URLs.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 85% confidence
Finding: The skill requires access to environment variables and makes outbound network requests, but those capabilities are not explicitly declared as permissions in the skill metadata. This creates a transparency and policy-enforcement gap: reviewers and runtimes may underestimate what the skill can access, increasing the risk of unintended secret exposure or unauthorized external communication.

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The skill accepts a user-controlled --instance value and then sends the Authorization bearer token to that origin for every API request. In a supposedly read-only Mastodon client, this creates a credential exfiltration path: an attacker can point the client at a malicious server, capture the token, and then use it against the real Mastodon account within the token's granted scopes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal