City of Montreal Open Data

Security checks across malware telemetry and agentic risk

Overview

The skill is a straightforward client for Montreal's public open-data API, with only minor least-privilege and trigger-scoping notes.

Before installing, understand that the skill has Bash permission even though its visible function is public open-data retrieval. Expected behavior is running the included Python script, making HTTPS requests to donnees.montreal.ca, printing dataset results, and writing a small local cache file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 70%
Finding: Without declared permissions the skill's intent is opaque and cannot be validated.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: The trigger `montreal dataset` is generic and could overlap with ordinary user phrasing when discussing datasets about Montreal, without clearly signaling invocation of this specific skill. The manifest does not provide narrower constraints or exclusion examples to distinguish intended activation contexts.

Natural-Language Policy Violations

Severity: Low
Confidence: 93%
Finding: This Python file contains user-facing natural-language strings such as "Aucun dataset trouvé", "Résultats", and "Montréal" in French, but it does not offer any user opt-in or locale selection. Per the policy criteria, forcing a specific language in user-facing text without choice is a natural-language policy concern.

VirusTotal

66/66 vendors flagged this skill as clean.
