Back to skill

Security audit

Brand Identity Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a real brand-analysis tool, but it tells agents to save generated profiles into another project and push them to GitHub without a review gate.

Install only if you intend to send brand names and prompts to Gemini/Google Search and save generated JSON for reuse. Treat the GitHub push instructions as requiring manual approval: review the generated file, confirm the target repo and branch, and do not let an agent push to main automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation directs use of environment variables for API keys and writes output files, but the skill declares no permissions. This creates a transparency and governance gap: users and orchestrators cannot accurately assess what resources the skill will access, increasing the chance of unintended secret exposure or filesystem modification.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The declared description understates important behaviors: external research via Google/Gemini, filesystem persistence, and implied catalog integration, while also claiming capabilities like listing and updating that are not actually described in the commands shown. This mismatch can cause unsafe invocation and data-handling assumptions, especially when a user expects simple analysis but the workflow performs networked research and saves artifacts to disk.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill includes a mandatory instruction to commit and push generated files to GitHub after every run, which extends the workflow from local brand analysis into repository modification and publication. That creates unnecessary risk of exfiltrating sensitive or proprietary data, triggering unauthorized code-repo changes, or normalizing supply-chain-affecting actions unrelated to the core analytical function.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The activation text is broad enough to match many ordinary requests about brands, profiles, or brand data, increasing the chance the skill is invoked in contexts where network research and file persistence are not expected. Overbroad triggering can amplify the risks from the skill's hidden side effects, such as external data transfer and local file creation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs users to save brand profiles locally and push them to GitHub without any warning about sensitive content, licensing, proprietary campaign analysis, or repository visibility. Even if brand data is often public, generated profiles may include internal notes, derived strategy, or client-confidential context, so publishing by default can leak data and create compliance issues.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script sends the user-supplied brand name and derived research prompt to Google's Gemini and Google Search services, but it provides no explicit notice or consent flow before transmitting that input off-host. In a skill environment, users may assume analysis is local; this can expose confidential brand concepts, client names, or internal project details to third-party services and create privacy/compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.