Back to skill

Security audit

file-upload-cli

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward temporary file-upload CLI, but users should notice that it sends the chosen file to a public third-party host.

Install only if you want a tool that uploads the file you name to a public temporary hosting service. Do not use it for secrets, credentials, private documents, regulated data, or anything that should not be accessible by link, and verify the file path before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation describes invoking a Node.js CLI that uses the system curl command, which implies shell-capable execution without any declared permission boundary. In an agent setting, undeclared shell capability is risky because it can enable file exfiltration or arbitrary command execution beyond what a user may expect from a simple upload skill.

Intent-Code Divergence

Low
Confidence
82% confidence
Finding
The documentation claims uploads go only to litterbox.catbox.moe, but elsewhere shows a different output URL format, creating ambiguity about the real destination. For a file-upload skill, destination confusion is security-relevant because users may disclose sensitive files under false assumptions about where their data is being sent and hosted.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The example file instructs users to expect uploads to 0x0.st, while the skill metadata states the tool uploads to litterbox.catbox.moe. This inconsistency can mislead users about where their files are sent, undermining informed consent and potentially causing accidental disclosure to an unintended third-party service with different retention, privacy, or abuse-handling characteristics.

Natural-Language Policy Violations

Low
Confidence
85% confidence
Finding
Inconsistent service and URL descriptions can mislead users about which third party receives uploaded files, undermining informed consent and trust. In this skill's context, that is more dangerous than a generic doc typo because the primary function is transmitting local files to an external public host.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This skill uploads an arbitrary local file to a third-party public file-sharing service, but it does not provide a clear pre-upload warning or require explicit confirmation that the user understands the file will leave the local environment and be hosted externally for 72 hours. In an agent/tooling context, this increases the risk of unintended exfiltration of sensitive files, because a user or upstream agent may invoke the tool without appreciating the privacy and data-handling implications.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.