Back to skill

Security audit

Uplo Engineering

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for organizational knowledge access, but it combines broad internal-data export, automatic identity/clearance lookup, activity logging, and remote token-backed MCP access without enough user-facing scoping or disclosure.

Install only if you trust the publisher and the remote service with internal engineering context. Use a scoped token, limit access to least privilege, avoid broad organization exports unless needed, and confirm whether logging, retention, redaction, and audit controls meet your organization’s requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README advertises an `export_org_context` capability as a full organizational context snapshot without any accompanying warning, scoping guidance, or mention of access controls. In an engineering knowledge-management skill, that implies potential bulk export of architecture docs, incident reports, runbooks, and other sensitive internal material, which materially increases the risk of over-collection or accidental disclosure if users enable or invoke it without understanding the sensitivity.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to retrieve identity context at session start, including team assignment, on-call status, repository access, and clearance level, and explicitly notes that production secrets and security-sensitive architecture details may be restricted. Surfacing this sensitivity-linked metadata by default increases privacy and internal reconnaissance risk, especially if users are not warned or if the information is not strictly necessary for the requested task.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The workflow includes logging a conversation summary and associated topics/tools without any disclosure that user research activity may be recorded. In an engineering knowledge skill, those summaries can reveal planned migrations, incidents, dependencies, or other sensitive internal workstreams, creating audit/privacy concerns and potentially exposing strategic or security-relevant activity.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill is configured to launch a networked MCP server and pass a secret API token via environment variables while connecting to a remote URL, but the manifest does not clearly disclose to users that their secret will be transmitted to an external service. This creates a real secret-handling and trust-boundary issue: users may provide credentials assuming local-only operation, while the skill actually enables authenticated remote access to a third-party endpoint.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.