DigitalOcean

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed DigitalOcean administration skill, but it can make powerful cloud changes with your API token.

Install only if you want the agent to administer your DigitalOcean account. Use the narrowest practical API token, keep it protected, rotate or revoke it if exposed, and require explicit human approval before create, resize, delete, DNS, billing, or direct API operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly requires reading a local API token file and making outbound network requests to the DigitalOcean API, yet no permissions are declared. This creates a transparency and governance gap: a user or platform may not realize the skill can access credentials and perform live infrastructure actions against an external service.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation includes a droplet destroy operation without any warning, confirmation guidance, or discussion of irreversibility. In an agent context, this increases the risk of accidental destructive actions that can cause permanent service loss and data loss in production environments.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
DNS update and delete operations are shown as routine commands without warning that incorrect changes can immediately disrupt routing, email delivery, and service availability. In automated or agent-driven use, this omission materially increases the chance of outages from mistaken record edits or deletions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Snapshot deletion is documented without warning that it may be irreversible and could remove recovery points needed for incident response or rollback. In infrastructure automation, lack of caution around backup deletion materially increases resilience and recovery risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The droplet destroy command performs an irreversible destructive action immediately with no confirmation, dry-run option, or force flag. In an agent or automation context, a mistaken invocation, prompt injection, or parameter mix-up could permanently delete production infrastructure and cause service outage or data loss.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Deleting DNS records without a warning or confirmation can immediately disrupt routing, email delivery, or service discovery. In an agent-driven tool, accidental or adversarially induced invocation could cause domain hijack-like symptoms or outages by removing critical records.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Image/snapshot deletion is destructive and may remove backup or recovery artifacts needed for restoration or forensics. Without pre-action confirmation, a user or agent can accidentally erase important recovery points, increasing impact during incidents or outages.

VirusTotal

66/66 vendors flagged this skill as clean.
