Back to skill

Security audit

QA Architecture Auditor

Security checks across malware telemetry and agentic risk

Overview

This is a local codebase auditing skill with disclosed repository reads and local report writes, but its reports should be treated as advisory because its own sample output contains overconfident unsupported findings.

Install only if you are comfortable giving the skill read access to the target repository and writing reports to your filesystem. Use read-only git credentials for private repositories, choose an output path you control, avoid running it from directories containing unrelated sensitive files, and independently verify any generated security or compliance conclusions before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill declares no permissions while its documented behavior clearly includes reading repositories, writing reports, invoking local executables, and making network connections via git clone/fetch. This mismatch is dangerous because users and enforcement systems may trust the manifest's empty permission set, leading to under-informed consent and inadequate sandboxing for a tool that can access local files, write output, execute commands, and contact remote hosts.

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
_analyze_data_flows reads Path(module['path']) relative to the current working directory instead of anchoring to self.repo_path. If the process runs from an attacker-controlled directory or a directory containing similarly named files/symlinks, the report can be poisoned with data from outside the intended repository, causing cross-directory information exposure and integrity issues in the analysis.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The report claims forensic analysis outputs that are internally inconsistent, which can mislead users into trusting fabricated repository facts and making incorrect QA or governance decisions. In a security-oriented auditing skill, false analytical assertions are especially dangerous because operators may treat them as authoritative evidence for compliance, risk acceptance, or testing prioritization.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The security surface and risk sections assert unsupported authentication, cryptography, database, and network capabilities, creating fabricated attack surface intelligence. In this skill context, that is more dangerous than in a generic document because the tool presents itself as an independent forensic QA/security auditor, so users may allocate effort, approve controls, or sign off risk based on false security claims.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The testing plan prescribes API, database, E2E, accessibility, and performance scenarios that contradict the report's own statement of zero entry points and a repository dominated by markdown and a single script. This can waste audit and engineering resources, obscure real gaps, and create a false sense of rigor by producing impressive but irrelevant recommendations.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The report presents fabricated or unreliable analysis as if it were forensic fact, including treating Markdown documentation as high-complexity executable modules requiring path coverage. In a QA/security auditing skill, this is dangerous because users may trust materially incorrect risk assessments and make testing, governance, or security decisions based on false evidence.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The report asserts a 'serverless' architecture and recommends generic web-app testing patterns that are not supported by the repository contents shown, indicating the skill may generate authoritative-sounding but unfounded conclusions. In the context of an auditing skill, this undermines trustworthiness and can misdirect security review effort away from real risks while creating false assurance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.