
Security audit

Mybooks

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent MyBooks library client, but it can upload arbitrary local files and send books to user-supplied email or device destinations using stored credentials.

Install only if you trust the configured MyBooks server and will supervise upload/send actions. Use least-privileged MyBooks credentials, keep the host local or trusted, and confirm exact file paths, email addresses, and device IPs before allowing the agent to run transfer commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%

Finding: The skill declares only a Bash tool requirement, but its metadata and documented behavior clearly require access to environment variables containing credentials and network connectivity to a remote/local MyBooks service. This mismatch weakens policy enforcement and user understanding, because a reviewer may not realize the skill can read secrets and transmit data over the network.

Missing User Warnings

Severity: Medium
Confidence: 91%

Finding: The `book_upload` operation accepts an arbitrary absolute local file path and uploads that file to the MyBooks server, but the description does not prominently warn that local file contents leave the host. In an agent setting, this can cause unintended exfiltration of sensitive local files if a user or model supplies the wrong path or is socially engineered.

Missing User Warnings

Severity: Medium
Confidence: 89%

Finding: The `mailto` feature sends a book file to an external email address, which exposes the content to the recipient mailbox and intermediary email infrastructure, yet this data-transfer risk is not explicitly called out. In practice, users may assume this is an internal action and inadvertently disclose copyrighted, private, or sensitive content.

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding: The `send_to_device` operation transfers book files over the local network to a user-supplied device address, but the description does not explicitly warn that file contents are being sent across the network. Because the destination is user-controlled, mistakes or abuse could send content to the wrong host or an attacker-controlled endpoint on the LAN.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding: The tool reads an arbitrary local file path and uploads the file contents to a remote MyBooks server with no path restriction, consent gate, or allowlist of safe directories/types. In an agent context, a prompt-influenced caller could cause sensitive local files to be transmitted off-host under the guise of a normal book upload.

Missing User Warnings

Severity: Medium
Confidence: 89%

Finding: This method can send a book file to any supplied email address without any secondary confirmation or destination validation. In an agent-integrated skill, that creates a clear exfiltration channel for library contents to an attacker-controlled mailbox if the agent is tricked into invoking it.

Missing User Warnings

Severity: Medium
Confidence: 90%

Finding: The function forwards book content to external devices or addresses based on user-supplied parameters, again without confirmation or destination trust checks. In this skill context, that is another outbound data-transfer primitive that could be abused to exfiltrate books or route them to attacker-controlled endpoints.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.