doc-sync

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed documentation helper that edits project docs and stores user-supplied change summaries locally.

Install this if you want an agent to help maintain documentation and local change history. Review any docstring or README edits before committing, and avoid logging secrets, proprietary rationale, or sensitive paths in KB summaries because they are retained locally under .gemini.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 70%
Finding: Without declared permissions the skill's intent is opaque and cannot be validated.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 98%
Finding: This is a mismatch because the declared primary purpose is a context-aware documentation generator that syncs docstrings, Go comments, and README content based on code changes, but the actual code does none of that. It does not inspect source files, detect code changes, generate or update documentation, or modify README/doc comments. Instead, it only logs supplied change summaries to local storage (ChromaDB or a JSONL fallback). The KB logging portion aligns with part of the description, but the main advertised functionality is absent, making the description materially inaccurate.

VirusTotal

62/62 vendors flagged this skill as clean.
