Geizhals.at

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Geizhals.at price lookup tool with expected web requests and limited local caching.

Install only if you are comfortable with the skill contacting Geizhals.at and storing fetched public page content in a local cache. For tighter control, use a dedicated cache directory and keep result limits small.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 90%
Finding: The skill clearly performs network access and also references a cache directory, which implies local file reads/writes, yet no explicit permissions are declared. This creates a transparency and consent gap: users or platforms may invoke the skill without understanding that it can make outbound requests and persist data locally, which is a real security concern even if the functionality appears aligned with the skill's purpose.

VirusTotal

66/66 vendors flagged this skill as clean.