Is This Link Safe? (Scam & Phishing Checker)

Security checks across malware telemetry and agentic risk

Overview

This URL-safety skill mostly matches its stated purpose, but its safety claims and broad whitelist behavior can give users too much confidence in a “safe” result.

Install only if you are comfortable with the skill contacting GitHub for threat-data shards and caching them locally. Treat “safe” results as “no known match,” not a guarantee, especially because the current whitelist can bypass checks for broad Taiwan-related domain categories.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill invokes shell commands, performs network access, and reads/writes local files, but these capabilities are not declared in permissions. This creates a transparency and consent problem: users or the platform may believe the skill only does local URL checking, while it can download data, execute setup scripts, and modify cached blocklist files.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 88% confidence
Finding: The skill description materially overstates and mischaracterizes its behavior: it claims real-time checking against many intelligence sources, but the documented behavior relies on a GitHub-hosted shard dataset plus local heuristics, and it can proactively scan multiple URLs from arbitrary text. This mismatch can mislead users about data provenance, coverage, and when scanning occurs, undermining informed consent and trust in a security-sensitive tool.

Description-Behavior Mismatch

Medium

Confidence: 97% confidence
Finding: The skill metadata promises checks against 38 threat-intelligence sources and 2.5M+ scam domains, but this file only fetches a single GitHub-hosted shard dataset and applies local heuristics. In a phishing-detection skill, this mismatch can mislead users into overtrusting results and making unsafe click decisions based on a weaker-than-claimed detection pipeline.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The instruction to check URLs proactively when the context merely 'suggests' the user wants safety advice is ambiguous and can trigger scanning without an explicit request. In a security/privacy tool, this can cause unintended processing of message content and unexpected network fetches for shard data, even if only partial domain information is exposed.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal