Cca Domain3

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Claude Code study skill that teaches configuration workflows. The normal caution around project edits and MCP server setup applies.

Safe to install as a learning aid. During the practical exercises, review edits to CLAUDE.md, .claude/, and .mcp.json before committing them, use only MCP servers you trust, and keep real API keys or tokens out of shared project files and logs (reference them through environment variables instead of pasting them inline).

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill instructs users to configure an MCP server with environment-variable expansion but provides no guidance on secret handling, scoping, or redaction. In a configuration/workflow skill that encourages hands-on setup, this omission can lead users to expose API keys, tokens, or other credentials in project files, logs, or shared team configuration.
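The check a practitioner would want before committing a hands-on .mcp.json is one that flags literal credentials and accepts environment-variable references. The script below is an added example, not part of the skill or of the scanner output; it assumes the Claude Code .mcp.json layout (a top-level "mcpServers" map whose entries carry "command", "args", "env" and optional "headers") and its ${VAR} / ${VAR:-default} expansion syntax. The server name, key names and token values are constructed for illustration.

```python
"""Added example: flag inline credentials in a .mcp.json before it is shared.

Assumes the Claude Code .mcp.json layout ({"mcpServers": {name: {command, args,
env, headers}}}) and its ${VAR} / ${VAR:-default} expansion syntax. Server
names, key names and token values below are constructed for illustration.
"""
import json
import re

# Constructed sample: the weak form inlines a token in the shared project file.
WEAK_MCP_JSON = json.dumps({
    "mcpServers": {
        "example-search": {
            "command": "npx",
            "args": ["-y", "example-search-mcp"],
            "env": {"EXAMPLE_API_KEY": "sk-live-abcdef0123456789abcdef01"},
        }
    }
})

# Constructed sample: the corrected form references the variable, so the secret
# lives only in each developer's shell environment and never in the repository.
SAFE_MCP_JSON = json.dumps({
    "mcpServers": {
        "example-search": {
            "command": "npx",
            "args": ["-y", "example-search-mcp"],
            "env": {"EXAMPLE_API_KEY": "${EXAMPLE_API_KEY}"},
            "headers": {"Authorization": "Bearer ${EXAMPLE_API_KEY}"},
        }
    }
})

# ${VAR} or ${VAR:-default}: resolved from the environment when the server starts.
ENV_REF = re.compile(r"\$\{[A-Za-z_][A-Za-z0-9_]*(?::-[^}]*)?\}")
# Key names that usually hold credentials.
SECRET_KEY_HINT = re.compile(r"key|token|secret|password|passwd|credential", re.I)


def looks_like_token(value: str) -> bool:
    """Heuristic: any whitespace-separated part of 20+ chars mixing 3+ character classes."""
    for part in value.split():
        if len(part) < 20:
            continue
        classes = sum(bool(re.search(p, part)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[-_]"))
        if classes >= 3:
            return True
    return False


def find_inline_secrets(mcp_json_text: str) -> list:
    """Return (server, section, key) for values that look like literal secrets.

    A value containing a ${VAR} reference is accepted: the credential is taken
    from the environment at runtime, so the file itself carries none.
    """
    cfg = json.loads(mcp_json_text)
    findings = []
    for name, server in cfg.get("mcpServers", {}).items():
        for section in ("env", "headers"):
            for key, value in (server.get(section) or {}).items():
                if not isinstance(value, str) or ENV_REF.search(value):
                    continue
                if SECRET_KEY_HINT.search(key) or looks_like_token(value):
                    findings.append((name, section, key))
        for i, arg in enumerate(server.get("args") or []):
            if isinstance(arg, str) and not ENV_REF.search(arg) and looks_like_token(arg):
                findings.append((name, "args", str(i)))
    return findings


def redact(text: str, secrets) -> str:
    """Mask known secret values before a log line or session transcript is shared."""
    for s in secrets:
        if s:
            text = text.replace(s, "[REDACTED]")
    return text


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_MCP_JSON), ("safe", SAFE_MCP_JSON)):
        print(label, find_inline_secrets(doc))
    print(redact("auth header: Bearer sk-live-abcdef0123456789abcdef01",
                 ["sk-live-abcdef0123456789abcdef01"]))
```

Run it against the real .mcp.json (read the file instead of the constructed strings) as a pre-commit step; any non-empty result means the file should be rewritten to a ${VAR} reference and the variable set in each developer's environment. The redact helper covers the other half of the finding: strip the values from logs and transcripts before they leave the machine.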

VirusTotal

66/66 vendors flagged this skill as clean.
