theothers

Security checks across malware telemetry and agentic risk

Overview

This marketplace skill can keep running after setup and may post listings or message people on the user's behalf without a clear approval step.

Install only if you want an agent to operate a human-connection marketplace account for you. Do not add the heartbeat instructions unless you want ongoing monitoring, and set explicit rules requiring your approval before any listing is created, updated, closed, or any message is sent. Treat ~/.mcporter/credentials.json like a password file and remove or revoke tokens when you stop using the service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill invokes shell-capable tooling (`mcporter`, `curl`, `jq`) and references auth scripts, but declares no permissions and gives no equivalent warning about its execution scope. That is an execution-scope transparency problem: an agent or user may treat the skill as low-risk documentation while it actually performs command execution and networked auth flows.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The published description frames the skill as a marketplace connector, but the documented behavior also includes OAuth registration/authentication, token polling, and local credential storage. This mismatch can cause users or agents to authorize and run a skill without understanding that it will acquire long-lived credentials and modify local config, increasing risk of over-trust and unintended secret handling.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
`get_messages` marks messages as read by default, but this side effect is easy to miss and can alter conversation state merely by inspecting data. In an agent context, passive retrieval may unintentionally acknowledge messages, disrupt workflows, or conceal unread items from the human user.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation discloses that access tokens, refresh tokens, and client credentials are stored in `~/.mcporter/credentials.json`, but provides no safety guidance about protecting that file. In practice, these secrets enable continued authenticated access and may be exposed through weak filesystem permissions, backups, logs, or other local tooling.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to take externally visible actions on behalf of the user—creating listings and messaging other users—without requiring prior user consent, approval gates, or clear disclosure that the action is autonomous. In a marketplace for human connection, this can cause unauthorized outreach, reputation harm, privacy leakage about the user's needs, and unwanted commitments or interactions.
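One way to put the approval gate this finding asks for (and to neutralise the `get_messages` mark-as-read side effect noted above) in front of the agent's tool calls. This is an added example, not code from the skill or from mcporter: the tool names other than `get_messages`, the `mark_read` parameter name, and the HMAC approval-token scheme are assumptions made for illustration.

```python
"""Approval gate for agent tool calls against a marketplace skill.

Added example, not part of the skill or of mcporter. Tool names other than
get_messages, the mark_read parameter name, and the approval-token mechanism
are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional
import hmac

# Tools whose effect is visible to other people: every call needs a fresh,
# explicit approval from the human before it is forwarded. (Assumed names.)
EXTERNALLY_VISIBLE = {"create_listing", "update_listing", "close_listing", "send_message"}

# Read-only tools that may run without approval. Side-effecting defaults are
# overridden via SAFE_DEFAULTS rather than trusted. (Names other than
# get_messages are assumed.)
READ_ONLY = {"get_messages", "get_listing", "search_listings"}

# Parameters forced to a safe value unless the human approved that exact call.
# get_messages marks messages read by default; the parameter name is assumed.
SAFE_DEFAULTS = {"get_messages": {"mark_read": False}}


@dataclass
class Decision:
    allowed: bool
    tool: str
    args: dict
    reason: str


@dataclass
class ToolGate:
    """Issue single-use approval tokens bound to one exact (tool, args) pair."""
    secret: bytes
    issued: set = field(default_factory=set)

    def _token(self, tool: str, args: dict) -> str:
        # Canonical form of the call; a token for (send_message, to=u42) must
        # not approve (send_message, to=u99).
        canon = tool + "|" + repr(sorted(args.items()))
        return hmac.new(self.secret, canon.encode(), "sha256").hexdigest()

    def request_approval(self, tool: str, args: dict) -> str:
        """Return the token the human hands back to approve exactly this call."""
        token = self._token(tool, args)
        self.issued.add(token)
        return token

    def _approved(self, tool: str, args: dict, approval: Optional[str]) -> bool:
        if approval is None or approval not in self.issued:
            return False
        ok = hmac.compare_digest(approval, self._token(tool, args))
        if ok:
            self.issued.discard(approval)  # single use
        return ok

    def decide(self, tool: str, args: dict, approval: Optional[str] = None) -> Decision:
        args = dict(args)
        if tool in EXTERNALLY_VISIBLE:
            if self._approved(tool, args, approval):
                return Decision(True, tool, args, "approved by user for this exact call")
            return Decision(False, tool, args,
                            "externally visible action requires explicit user approval")
        if tool in READ_ONLY:
            forced = SAFE_DEFAULTS.get(tool, {})
            if forced and not self._approved(tool, args, approval):
                args.update(forced)
                return Decision(True, tool, args,
                                "read-only; side-effecting parameters forced to safe values")
            return Decision(True, tool, args, "read-only")
        return Decision(False, tool, args, "tool not on the allow-list")


if __name__ == "__main__":
    gate = ToolGate(secret=b"example-secret")  # constructed; keep real secrets out of code
    print(gate.decide("send_message", {"to": "u42", "body": "hi"}))
    token = gate.request_approval("send_message", {"to": "u42", "body": "hi"})
    print(gate.decide("send_message", {"to": "u42", "body": "hi"}, token))
    print(gate.decide("get_messages", {}))
```

The gate denies by default: anything not on either list is refused, every externally visible action needs a token that is bound to the exact arguments and spent on first use, and passive retrieval never acknowledges messages unless the human approved that specific call.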

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The setup instructions explicitly state that OAuth tokens will be written to a local credentials file, but they provide no warning that these tokens are sensitive bearer secrets or that local disk storage expands the attack surface. On a shared machine, compromised user account, or poorly permissioned home directory, an attacker who reads this file could reuse the tokens to access the service as the user.
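A practitioner-side check for the credential file named in this finding, in the finding above it, and in the Overview's advice to treat `~/.mcporter/credentials.json` like a password file. This is an added example, not code from the skill or from mcporter; the report only says the file holds access tokens, refresh tokens and client credentials, so the JSON layout and key names in the constructed sample are assumptions.

```python
"""Audit and harden the local credential store a skill leaves behind.

Added example, not part of the skill or of mcporter. The JSON layout and key
names used in the constructed sample are assumptions; the check itself only
relies on file metadata and on key names, never on secret values.
"""
import json
import os
import stat
import tempfile

# Key-name fragments that mark a value as a bearer secret worth protecting.
SECRET_KEY_HINTS = ("token", "secret", "password", "credential")
GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO


def permission_findings(mode: int, uid: int, my_uid: int) -> list:
    """Findings for a file mode (permission bits only) and owner."""
    findings = []
    if mode & GROUP_OTHER:
        findings.append(f"file is accessible by group/others (mode {oct(mode & 0o777)})")
    if uid != my_uid:
        findings.append("file is not owned by the current user")
    return findings


def secret_key_paths(obj, prefix: str = "") -> list:
    """Dotted paths of keys whose names suggest a secret. Values are never returned."""
    paths = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            path = f"{prefix}.{key}" if prefix else key
            if any(hint in key.lower() for hint in SECRET_KEY_HINTS):
                paths.append(path)
            paths.extend(secret_key_paths(value, path))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            paths.extend(secret_key_paths(value, f"{prefix}[{i}]"))
    return paths


def audit_credentials_file(path: str) -> dict:
    """Report permission problems on the file and its directory, plus which
    keys hold secrets (so the user knows what to revoke when done)."""
    st = os.stat(path)
    findings = permission_findings(stat.S_IMODE(st.st_mode), st.st_uid, os.getuid())
    parent_mode = stat.S_IMODE(os.stat(os.path.dirname(path)).st_mode)
    if parent_mode & GROUP_OTHER:
        findings.append(f"parent directory is accessible by group/others (mode {oct(parent_mode)})")
    with open(path) as fh:
        data = json.load(fh)
    return {"findings": findings, "secret_keys": secret_key_paths(data)}


def harden(path: str) -> None:
    """Owner-only access to the file and its directory."""
    os.chmod(path, 0o600)
    os.chmod(os.path.dirname(path), 0o700)


def demo() -> tuple:
    """Run the audit on a constructed credentials file before and after hardening."""
    directory = tempfile.mkdtemp()
    os.chmod(directory, 0o755)  # the weak, world-listable setting
    path = os.path.join(directory, "credentials.json")
    sample = {  # constructed sample; layout and key names are assumptions
        "servers": {"theothers": {
            "access_token": "ACCESS-EXAMPLE",
            "refresh_token": "REFRESH-EXAMPLE",
            "client_id": "client-id-example",
            "client_secret": "SECRET-EXAMPLE",
            "expires_at": 0,
        }}
    }
    with open(path, "w") as fh:
        json.dump(sample, fh)
    os.chmod(path, 0o644)  # the weak, world-readable setting
    before = audit_credentials_file(path)
    harden(path)
    after = audit_credentials_file(path)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before["findings"])
    print("after: ", after["findings"])
    print("secret-bearing keys:", before["secret_keys"])
```

Run it against the real path with `audit_credentials_file(os.path.expanduser("~/.mcporter/credentials.json"))` once the skill has authenticated; the `secret_keys` list doubles as the checklist of what to revoke server-side when you stop using the service, since deleting the file alone does not invalidate a refresh token.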

Credential Access

High
Category
Privilege Escalation
Content
## Token Refresh

Access tokens expire after 30 minutes. mcporter should automatically refresh them using the refresh token stored in `~/.mcporter/credentials.json`.

If auto-refresh fails, re-run the auth script provided with this skill.
Confidence
84% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
- `scripts/auth-device-flow.sh` - Auth script
- `~/.mcporter/mcporter.json` - Server config
- `~/.mcporter/credentials.json` - Access + refresh tokens, client credentials

## Use Cases
Confidence
88% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
## Token Refresh

Access tokens expire after 30 minutes. mcporter should automatically refresh them using the refresh token stored in `~/.mcporter/credentials.json`.

If auto-refresh fails, re-run the auth script provided with this skill.
Confidence
84% confidence
Finding
Access tokens

Credential Access

High
Category
Privilege Escalation
Content
# The Others - Device Flow OAuth Helper for mcporter
# This script authenticates using device flow and saves tokens directly to mcporter vault

VAULT_PATH="$HOME/.mcporter/credentials.json"
SERVER_NAME="theothers"
SERVER_URL="https://theothers.richardkemp.uk/mcp"
REGISTER_URL="https://theothers.richardkemp.uk/register"
Confidence
92% confidence
Finding
credentials.json

VirusTotal

66/66 vendors flagged this skill as clean.
