Security audit

用于自动切换项目中适合的node 版本

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Node.js environment helper, but running it can download and execute the nvm installer and change the user's local Node setup.

Install or run this only if you are comfortable letting it change your Node.js environment and execute the nvm installer from GitHub. For higher assurance, install nvm manually first, inspect the script before running it, and do not rely on the advertised Windows command because the package only includes the Bash implementation.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill invokes shell scripts and describes actions such as installing NVM and switching Node versions, but the metadata shown in this file does not declare corresponding permissions. Undeclared shell capability weakens user awareness and policy enforcement, making it easier for a seemingly simple environment helper to perform system-level actions unexpectedly.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 96% confidence
Finding: The documented behavior goes beyond benign version detection: it includes downloading and executing remote installer content and querying remote version sources, while also overstating platform support. This mismatch is dangerous because users may trust the skill for a narrow local task, but it can instead make network fetches and system changes that increase supply-chain and execution risk.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly says it will auto-install NVM and run installer scripts, but the surrounding documentation does not prominently warn that this causes network access and persistent system modification. In this context, automatic setup of developer tooling makes the behavior plausible, which can lower user suspicion and increase the chance of unintended execution of remote code.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The script automatically downloads and executes a remote installer from GitHub when `nvm` is missing, without user confirmation or integrity verification. This creates a supply-chain execution path where a compromised upstream script, network interception, or unexpected content change would result in arbitrary code execution on the user's machine.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal