Security audit

Bid Watcher

Security checks across malware telemetry and agentic risk

Overview

This bid-monitoring skill mostly matches its stated purpose, but it weakens HTTPS security while collecting data and can persist and email business reports, so users should review it before installing.

Install only if you are comfortable with a scraper that stores bid intelligence locally and may send reports through configured SMTP credentials. Before enabling scheduled runs or email, restore normal HTTPS certificate verification, use a dedicated SMTP app password, restrict recipients, and treat generated reports as potentially sensitive business intelligence.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill declares no permissions while its documented workflow clearly requires environment access, filesystem read/write, network fetching, and SMTP egress. This creates a transparency and governance gap: operators may approve or run it without understanding that it can access secrets, persist collected data, and transmit reports externally.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 88% confidence
Finding: The stated purpose is bid monitoring and report generation, but the documented behavior extends to broader web scraping, enrichment of company background and procurement history, historical archival, Markdown generation, and SMTP transmission. That mismatch increases the chance of unauthorized data collection or exfiltration because reviewers and users may not realize the full operational scope.

Context-Inappropriate Capability

Medium

Confidence: 98% confidence
Finding: The code globally disables certificate validation and hostname checking for HTTPS requests, which makes the scraper trust any TLS certificate presented by a remote endpoint. This enables man-in-the-middle interception or tampering of fetched bid pages, so the system could ingest falsified procurement data or leak visited URLs to an active network attacker.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill automatically stores collected bid intelligence and sends reports via email, yet the documentation provides no warning about sensitive-data handling, retention, or outbound transmission risks. In this context, the reports may contain business intelligence, contact details, procurement history, and other potentially sensitive information that could be overshared or misrouted.

Missing User Warnings

Medium

Confidence: 99% confidence
Finding: The script explicitly disables TLS certificate verification and hostname checking for all HTTPS requests. This makes every fetch susceptible to man-in-the-middle interception or content tampering, allowing an attacker on the network path to inject fake bidding pages, poison collected intelligence, or manipulate downstream reports and decisions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.