Security audit

Gx Bidding Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed bidding-notice monitor that scans listed procurement sites and saves filtered local results, with credential-handling caveats users should understand.

Before installing, review the listed domains and run only the categories you need. Do not put real passwords in gx_websites.json unless the file is private, excluded from source control, and protected by local permissions; prefer environment variables or a separate private config. Avoid using --auth-only with real account identifiers in logs or shared terminals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill advertises executable behavior involving file read, file write, and shell usage, but does not declare corresponding permissions. This reduces transparency and prevents users from understanding the operational and security boundaries before invocation, especially for a skill that scans many external sites and writes local outputs.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The documented purpose is limited to monitoring and filtering bidding notices, but the behavior includes generating message content, writing local artifacts, and exposing configured account information via --auth-only. That mismatch is dangerous because users may invoke the skill expecting passive monitoring while it performs additional data handling that could leak credentials or sensitive operational details.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The file materially contradicts the skill’s stated purpose of monitoring only power/electric bidding notices by embedding a broad set of unrelated procurement platforms, including real estate, rail, telecom, retail, and general enterprise sourcing sites. This overbroad target list can cause the agent to collect, process, or act on data outside its declared scope, increasing the risk of unauthorized monitoring, policy bypass, and misleading downstream automation decisions.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
In auth-only mode, the script prints stored account identifiers for login-required platforms directly to stdout. Exposing credential-related data is unnecessary for simple bidding monitoring and can leak sensitive operational access details to logs, terminals, or downstream tooling.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Instructing users to place credentials in a local JSON file without safety guidance encourages insecure secret storage. Such files are commonly committed to source control, left with weak filesystem permissions, or read by other tooling, creating a straightforward path to credential disclosure.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The skill describes broad scanning of 50+ external platforms, including auth-required systems, but does not clearly warn users about network activity, authentication flows, or possible use of configured credentials. In this context, the omission is risky because the tool interacts with many third-party services and users may not realize their accounts or data could be transmitted or queried automatically.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The guide explicitly tells users to place usernames and passwords in a JSON configuration file, which promotes plaintext secret storage. If the file is committed to source control, shared with teammates, logged, or read by other local processes, those credentials can be exposed and reused to access third-party bidding platforms.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The auth-only reporting path reveals account information in plain text without masking, warning, or access control. Even if these are only usernames or account identifiers, they can aid reconnaissance, credential stuffing, or internal targeting when exposed in logs or shared consoles.

Ssd 3

Medium
Confidence
98% confidence
Finding
Reporting stored account identifiers in plain-language output creates unnecessary exposure of sensitive operational data. In the context of a multi-platform monitor, this increases the blast radius because one script invocation can disclose access-related details for many sites at once.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
references/gx_websites.json:11