Security audit

Bid Watcher

Security checks across malware telemetry and agentic risk

Overview

This bid-monitoring skill mostly matches its stated purpose, but it weakens HTTPS security while collecting data and can persist and email business reports, so users should review it before installing.

Install only if you are comfortable with a scraper that stores bid intelligence locally and may send reports through configured SMTP credentials. Before enabling scheduled runs or email, restore normal HTTPS certificate verification, use a dedicated SMTP app password, restrict recipients, and treat generated reports as potentially sensitive business intelligence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no permissions while its documented workflow clearly requires environment access, filesystem read/write, network fetching, and SMTP egress. This creates a transparency and governance gap: operators may approve or run it without understanding that it can access secrets, persist collected data, and transmit reports externally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The stated purpose is bid monitoring and report generation, but the documented behavior extends to broader web scraping, enrichment of company background and procurement history, historical archival, Markdown generation, and SMTP transmission. That mismatch increases the chance of unauthorized data collection or exfiltration because reviewers and users may not realize the full operational scope.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The code globally disables certificate validation and hostname checking for HTTPS requests, which makes the scraper trust any TLS certificate presented by a remote endpoint. This enables man-in-the-middle interception or tampering of fetched bid pages, so the system could ingest falsified procurement data or leak visited URLs to an active network attacker.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill automatically stores collected bid intelligence and sends reports via email, yet the documentation provides no warning about sensitive-data handling, retention, or outbound transmission risks. In this context, the reports may contain business intelligence, contact details, procurement history, and other potentially sensitive information that could be overshared or misrouted.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The script explicitly disables TLS certificate verification and hostname checking for all HTTPS requests. This makes every fetch susceptible to man-in-the-middle interception or content tampering, allowing an attacker on the network path to inject fake bidding pages, poison collected intelligence, or manipulate downstream reports and decisions.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.