Metacognitive Protocol Lite

Security checks across malware telemetry and agentic risk

Overview

The skill appears to include an unrelated script that can create a local marketing PowerPoint file, which does not fit the stated reliability-focused purpose.

Review before installing. The package should remove or clearly document the promotional PowerPoint generator, require a user-selected output path, and explain when any local files are created. I found no evidence of credential theft, network exfiltration, or destructive behavior, so this is a Review classification rather than malicious.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium (92% confidence)
Finding
The script writes a promotional PowerPoint artifact unrelated to the stated metacognitive/reliability function of the skill, which indicates scope mismatch and undeclared side effects. While it is not overtly malicious, generating and saving marketing material can mislead users about what the skill does and may create unwanted files on the host system.

Description-Behavior Mismatch

Medium (89% confidence)
Finding
This file's actual behavior is building a marketing deck, not enforcing metacognitive controls or improving agent reliability as described in the skill metadata. That mismatch is security-relevant because users and integrators may trust the package for one purpose while it performs unrelated actions, increasing the chance of unnoticed side effects or hidden functionality elsewhere in the skill.

Missing User Warnings

Low (95% confidence)
Finding
The script saves output to a hard-coded absolute local path without asking for confirmation, which can overwrite files, fail unpredictably on other systems, or leak assumptions about the developer's environment. In agent or automation contexts, silent writes to the local filesystem are risky because they happen without user intent being checked.

VirusTotal

66/66 vendors flagged this skill as clean.
