Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
blender-add-on-development
Security checks across malware telemetry and agentic risk
Overview
This is a coherent Blender add-on development helper that only generates local scaffold files when the user runs its script.
Install only if you want a Blender development helper that can create local add-on scaffold files. Choose the output directory carefully, avoid --force unless you intend to replace existing scaffold files, and review generated Python before running it in Blender.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Rogue AgentSelf-Modification, Session Persistence
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)
Self-Modification
High
- Category
- Rogue Agent
- Content
parser.add_argument( "--force", action="store_true", help="Overwrite existing files in an existing add-on directory.", ) return parser.parse_args()- Confidence
- 85% confidence
- Finding
- Overwrite existing file
Self-Modification
High
- Category
- Rogue Agent
- Content
if existing: names = ", ".join(path.name for path in existing) raise FileExistsError( f"Refusing to overwrite existing files: {names}. Use --force to overwrite." ) write_text(- Confidence
- 85% confidence
- Finding
- overwrite existing file
VirusTotal
65/65 vendors flagged this skill as clean.