Earl Display Control

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for a local TV dashboard, but it needs review because it can persist household details and serve them through an unauthenticated local web server.

Install only if you are comfortable with a local household dashboard that stores notes, room state, patterns, and location on disk. Bind the HTTP server to 127.0.0.1 or firewall it, avoid secrets in earl_mind.json, use approximate weather coordinates or disable weather if location privacy matters, and be careful with force-kill and clear/remove operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to read and write local files and to perform network activity, but it declares no explicit permissions or guardrails. That creates a trust and review gap: consumers may authorize or invoke the skill without realizing it can modify persistent state and reach external services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The documented behavior goes beyond simple TV/dashboard control into broader state management, identity/photo changes, room tracking, and long-term pattern recording. When a skill's effective capabilities exceed its stated purpose, users and policy systems can be misled about the sensitivity of the actions being authorized, increasing the chance of overbroad or unintended use.

Description-Behavior Mismatch

Medium
Confidence
76% confidence
Finding
This section expands the skill from display control into maintaining long-term household state and behavioral patterns, which are more privacy-sensitive than merely waking a kiosk or refreshing a page. Persistent tracking data can accumulate into a household profile, and the broader the retained state, the greater the harm from misuse or accidental modification.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The skill documents live weather fetching from an external service, introducing outbound network access and likely disclosure of location-related data from the dashboard state. External calls increase attack surface, create privacy risk, and are especially concerning when not clearly justified and permissioned as part of the skill's stated scope.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The API exposes capabilities to modify Earl's photo and persistent long-term behavioral patterns, which exceed the manifest's stated dashboard/display update scope. In an agent setting, this kind of scope drift is dangerous because a caller may be granted permission for benign display updates but can silently alter identity-relevant or memory-like state, creating unauthorized persistence and deceptive behavior.

Description-Behavior Mismatch

Medium
Confidence
81% confidence
Finding
The code allows mutation of spatial-awareness room state, including adding rooms and changing room status/notes, even though the manifest describes TV/dashboard management and content updates rather than household state modeling. In an autonomous agent workflow, this can mislead users or downstream automations by fabricating occupancy/attention data outside the expected scope of a display-control skill.

Description-Behavior Mismatch

Low
Confidence
78% confidence
Finding
The API includes destructive operations such as resolving/removing items and clearing all house-stuff entries, which are broader than the manifest's update-oriented description and can erase information without clear user intent. While not a code-execution issue, this creates integrity risk because an agent authorized to post notices could also silently delete them, reducing transparency and reliability of the dashboard.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The page sends configured latitude/longitude and timezone data to api.open-meteo.com, which leaks location metadata from a dashboard intended to manage a local TV display. In a home context, precise household location is sensitive and unnecessary third-party transmission expands privacy exposure and creates dependence on an external service.

VirusTotal

66/66 vendors flagged this skill as clean.
