Back to skill

Security audit

Blacksnow

Security checks across malware telemetry and agentic risk

Overview

BlackSnow is not clearly malicious, but it needs Review because it produces trading-oriented risk signals while mixing in mock data, weakening HTTPS checks, persisting outputs, and allowing loosely controlled webhook delivery.

Install only for sandboxed evaluation or after code review. Before production use, require verified TLS, remove or clearly label mock data, restrict webhooks to trusted HTTPS endpoints, document permissions and retention, and keep human review between these outputs and any trading, insurance, logistics, or policy workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises no declared permissions, yet the analysis indicates file read/write and network capabilities. That creates a transparency and governance gap: operators cannot accurately assess what the skill can access, and hidden capabilities can be abused for unexpected data collection, persistence, or exfiltration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The declared behavior does not match the detected behavior: persistent local storage, live external data ingestion, and outbound delivery to arbitrary webhook URLs materially expand the skill's attack surface beyond a passive detector. In a skill producing market-relevant risk signals, arbitrary egress and undeclared persistence raise risks of sensitive data leakage, covert exfiltration, misuse of host resources, and unreviewed distribution of generated intelligence.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The module docstring and runtime messages state that the harvester connects to real public data sources and performs live data collection, but two of the three sources returned are hardcoded mock records. In a risk-intelligence or trading context, this can mislead downstream systems or operators into treating fabricated data as real signals, creating integrity and decision-making risk.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The main collection flow presents the skill as harvesting signals across multiple real-world domains, but only Federal Register data is actually collected live while procurement and labor entries are padded with mock data. In this skill's context—producing machine-readable tradable risk primitives—this increases the danger because consumers may act on synthetic records under the assumption they represent current external events.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The helper disables both TLS certificate validation and hostname verification for all HTTPS requests while presenting itself as 'safe'. This allows a man-in-the-middle attacker or malicious proxy to intercept and tamper with supposedly trusted API responses, which is especially dangerous for a data-harvesting pipeline that converts external content into downstream risk signals.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The code explicitly disables hostname checking and certificate verification for the HTTPS request to the Federal Register API. This allows a man-in-the-middle attacker or hostile network intermediary to spoof the remote endpoint and inject or alter harvested data, which is especially dangerous in a pipeline that transforms external data into actionable risk signals.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
HTTPS requests are made with certificate and hostname checks disabled and no warning to users, silently reducing transport security guarantees. In this skill's context, the harvested data is treated as actionable risk intelligence, so tampered responses could poison alerts, trigger bad decisions, or hide real events.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The USASpending harvester performs a POST over HTTPS using an SSL context that disables certificate validation and hostname checking. An attacker positioned on the network could alter returned contract data or inject fabricated awards, compromising the integrity of the risk signal pipeline.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.