Security audit

Substreams Search

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: search and inspect public Substreams packages, with no evidence of hidden persistence, credential theft, or destructive behavior.

Install this only if you want an MCP tool for Substreams package discovery and inspection. Prefer stdio mode for local use, avoid exposing the HTTP/SSE endpoint to untrusted networks, and provide trusted .spkg URLs when using inspection tools.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 83% confidence
Finding: The skill advertises network access and environment-variable-driven behavior, but it does not declare corresponding permissions. That creates a trust and review gap: users may invoke a skill that can make outbound requests and read configuration from the environment without those capabilities being explicitly surfaced in its permission model. In this specific skill, the network use is aligned with its stated purpose, which lowers suspicion, but the undeclared capability still matters because it can hide data exfiltration or unexpected remote interaction if the implementation changes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal