iPlay

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it runs a small local helper to send a user-provided media URL to the iPlay desktop app.

Install this only if you want your agent to open media URLs in your local iPlay app. Treat media links as untrusted, and Windows users should prefer a future version that avoids shell=True for stronger hardening.

SkillSpector

By NVIDIA

Vulnerability Patterns

Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: subprocess.run(["open", iplay_uri], check=True) elif system == "Windows": # Fixed: Quote URI to prevent '&' being interpreted as command separator by shell=True subprocess.run(f'start "" "{iplay_uri}"', shell=True, check=True) else: # Linux subprocess.run(["xdg-open", iplay_uri], check=True) print(f"Successfully sent URL to iPlay: {url}")
Confidence: 95% confidence
Finding: subprocess.run(f'start "" "{iplay_uri}"', shell=True, check=True)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill documentation indicates execution of a local Python helper script and reliance on shell-capable behavior, but the manifest does not declare corresponding permissions. Undeclared execution capability is dangerous because it hides the true trust boundary from users and reviewers, and any URL-handling skill that launches local scripts can become a vector for unsafe command execution or unexpected system interaction if later expanded or incorrectly implemented.

VirusTotal

VirusTotal findings are pending for this skill version.