Gradient Knowledge Base

Security checks across malware telemetry and agentic risk

Overview

This skill is a DigitalOcean Knowledge Base and Spaces management tool. It discloses that it needs cloud credentials, makes network calls to DigitalOcean endpoints, and performs user-invoked delete actions, so those behaviours are expected rather than hidden.

Use a dedicated DigitalOcean project or bucket, minimally scoped tokens, and a virtual environment. Review commands before running delete operations, because KB and Spaces deletes affect remote resources. Do not index documents you would not trust DigitalOcean's KB and inference services to process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill requires sensitive environment variables and clearly performs networked operations against external DigitalOcean endpoints, yet the skill declares no explicit permissions. That mismatch weakens user consent and reviewability because operators may not realize the skill can read credentials and transmit data off-host.

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The description emphasizes building RAG pipelines, but the documented behavior also includes listing, showing, creating, and permanently deleting knowledge bases, plus LLM synthesis calls. This under-describes destructive and broader remote actions, increasing the risk that a user invokes account-modifying or data-destroying operations without informed consent.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The CLI exposes `--delete` as a one-step destructive action and immediately executes deletion once `--kb-uuid` is supplied, with no confirmation prompt, dry-run mode, or extra acknowledgement flag. In an agent or automation context, this increases the risk of accidental or prompt-induced irreversible data deletion, especially because the script manages remote cloud resources.
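
The gate a practitioner would expect on this path, as an added example that is not the skill's own code: a dry-run mode, an explicit `--yes` acknowledgement for automation, and a re-typed UUID otherwise, with a refusal instead of a prompt when stdin is not a terminal. `delete_knowledge_base` and the in-memory store are assumptions standing in for the remote DigitalOcean call, which is not shown on the page.

```python
"""Confirmation gate for a destructive CLI action (added example, not the skill's code).

`delete_knowledge_base` is a stand-in for the remote delete (assumption: the
skill's own code is not on the page); it pops from a constructed dict instead
of calling DigitalOcean.
"""
import argparse
import re
import sys

# Constructed, in-memory stand-in for remote knowledge bases keyed by UUID.
FAKE_REMOTE_KBS = {
    "0f1c2d3e-4a5b-6c7d-8e9f-0a1b2c3d4e5f": "product-docs",
    "11111111-2222-3333-4444-555555555555": "hr-policies",
}

UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")


def delete_knowledge_base(kb_uuid, remote=FAKE_REMOTE_KBS):
    """Stand-in for the remote delete; removes the entry from the fake store."""
    return remote.pop(kb_uuid)


def unsafe_delete(kb_uuid, remote=FAKE_REMOTE_KBS):
    """The pattern the finding describes: one flag, no confirmation, no dry-run."""
    return delete_knowledge_base(kb_uuid, remote)


def gated_delete(kb_uuid, *, dry_run, yes, typed_confirmation=None,
                 interactive=False, remote=FAKE_REMOTE_KBS):
    """Hardened path: validate, preview, then require explicit acknowledgement.

    Returns a status string so callers can see which branch ran.
    - dry_run: describe the action and return without deleting.
    - yes: non-interactive acknowledgement for automation; without it the
      caller must re-type the UUID (typed_confirmation) to proceed.
    - interactive: when True and neither `yes` nor typed_confirmation is
      given, prompt on stdin; when False (agent/automation), refuse instead.
    """
    if not UUID_RE.match(kb_uuid):
        return "refused: malformed uuid"
    if kb_uuid not in remote:
        return "refused: unknown uuid"
    target = remote[kb_uuid]
    if dry_run:
        return f"dry-run: would delete knowledge base {target} ({kb_uuid})"
    if not yes:
        if typed_confirmation is None:
            if not interactive:
                return "refused: pass --yes or re-type the uuid; no prompt in non-interactive mode"
            typed_confirmation = input(f"Type the UUID of '{target}' to confirm deletion: ")
        if typed_confirmation.strip() != kb_uuid:
            return "refused: confirmation did not match"
    delete_knowledge_base(kb_uuid, remote)
    return f"deleted: {target} ({kb_uuid})"


def build_parser():
    p = argparse.ArgumentParser(description="KB delete with a confirmation gate (example)")
    p.add_argument("--delete", action="store_true")
    p.add_argument("--kb-uuid", required=True)
    p.add_argument("--dry-run", action="store_true", help="show what would be deleted")
    p.add_argument("--yes", action="store_true", help="skip the interactive confirmation (automation)")
    return p


if __name__ == "__main__":
    args = build_parser().parse_args()
    if args.delete:
        print(gated_delete(args.kb_uuid, dry_run=args.dry_run, yes=args.yes,
                           interactive=sys.stdin.isatty()))
```

The important design point for an agent context is the `interactive=False` branch: a prompt an LLM cannot answer is not a safeguard, so the tool refuses unless the operator passed `--yes` deliberately, and `--dry-run` lets the agent show what it intends to do first.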

Missing User Warnings

Medium
Confidence
91% confidence
Finding
RAG mode transmits the user's query and retrieved knowledge-base content to an external inference service, which can expose sensitive internal data if operators assume retrieval stays local. In a knowledge-base tool, this is contextually more important because retrieved documents may contain proprietary or regulated content, and the CLI does not provide an explicit warning, consent gate, or redaction control before forwarding that material.
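
One shape for the missing consent gate and redaction control, as an added example rather than the skill's code: the operator must opt in to external inference explicitly, and retrieved chunks and the query are scanned for secret-like material before anything is forwarded. The chunks are constructed, `call_inference` is a stand-in that only records the outbound payload, and the pattern set (including the `dop_v1_` token shape) is an assumption to tune for your own corpus.

```python
"""Redaction and consent gate before forwarding RAG context off-host (added example).

Not the skill's code. `call_inference` is a stand-in that records what would
have left the host; PATTERNS is an illustrative assumption, not a complete
secret catalogue.
"""
import re

# Constructed retrieved chunks, as a retriever might return them.
RETRIEVED_CHUNKS = [
    "Onboarding: new engineers get a DigitalOcean token; example dop_v1_" + "a" * 64,
    "Contact the payroll lead at jane.doe@example.com for salary bands.",
    "Deployment runbook: run `make deploy` from the release branch.",
    "Customer record 4111 1111 1111 1111 expires 12/27.",
]

# Redaction patterns. Assumption: illustrative only; extend for your data.
PATTERNS = {
    "do_token": re.compile(r"\bdop_v1_[0-9a-f]{64}\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "card_number": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),
}


def redact(text):
    """Replace matches with a labelled placeholder; return (text, hit labels)."""
    hits = []
    for label, rx in PATTERNS.items():
        if rx.search(text):
            hits.append(label)
            text = rx.sub(f"[REDACTED:{label}]", text)
    return text, hits


def prepare_rag_payload(query, chunks, *, allow_external, redact_enabled=True):
    """Build the payload that would go to the inference service.

    Returns (payload_or_None, report). Refuses (None) unless the operator has
    explicitly allowed external inference, so transmission is a conscious
    choice rather than an implicit side effect of running a query.
    """
    report = {"redacted_labels": [], "chunks_in": len(chunks), "forwarded": False}
    if not allow_external:
        report["reason"] = "external inference not allowed; pass allow_external=True"
        return None, report
    q = query
    out_chunks = list(chunks)
    if redact_enabled:
        q, q_hits = redact(query)
        report["redacted_labels"] += q_hits
        out_chunks = []
        for c in chunks:
            r, hits = redact(c)
            report["redacted_labels"] += hits
            out_chunks.append(r)
    report["forwarded"] = True
    return {"query": q, "context": out_chunks}, report


def call_inference(payload, sent_log):
    """Stand-in for the external inference call: records the outbound payload."""
    sent_log.append(payload)
    return f"[stub answer using {len(payload['context'])} context chunks]"


if __name__ == "__main__":
    sent = []
    payload, rep = prepare_rag_payload("What is our deploy process?", RETRIEVED_CHUNKS,
                                       allow_external=True)
    print(call_inference(payload, sent))
    print("redacted:", sorted(set(rep["redacted_labels"])))
```

The report is what should be surfaced to the user before the call: which labels were redacted and how many chunks are about to leave the host. Redaction is a mitigation for accidental leakage, not a substitute for keeping regulated documents out of the index in the first place.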

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Python dependencies for the gradient-knowledge-base skill
# Install in a virtualenv: pip install -r requirements.txt
requests>=2.31.0
boto3>=1.34.0
Confidence
94% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Python dependencies for the gradient-knowledge-base skill
# Install in a virtualenv: pip install -r requirements.txt
requests>=2.31.0
boto3>=1.34.0
Confidence
93% confidence
Finding
boto3>=1.34.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
88% confidence
Finding
requests
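
Both supply-chain findings above (the unpinned `>=` floors, and a floor low enough to resolve to releases affected by the listed requests advisories) can be caught with one check over the requirements file. The following auditor is an added example, not part of the skill; the requirements text is the one shown in the finding, and the fixed-version table is taken from the upstream advisories for the two CVEs whose titles are visible above (2.32.0 for CVE-2024-35195, 2.32.4 for CVE-2024-47081) and should be re-verified before relying on it.

```python
"""Audit a requirements file for unpinned specs and floors below known fixes (added example).

Not the skill's code. FIXED_IN is an assumption taken from the upstream
advisories; verify each entry before relying on it.
"""
import re

# Requirements text as shown in the finding.
REQUIREMENTS_TXT = """\
# Python dependencies for the gradient-knowledge-base skill
# Install in a virtualenv: pip install -r requirements.txt
requests>=2.31.0
boto3>=1.34.0
"""

# First release that fixes each advisory named in the finding (assumption: from
# the upstream advisories; re-check before use).
FIXED_IN = {
    "requests": {
        "CVE-2024-35195": (2, 32, 0),  # Session keeps verify=False after first request
        "CVE-2024-47081": (2, 32, 4),  # .netrc credentials leak via malicious URLs
    },
}

SPEC_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*(==|>=|<=|~=|!=|>|<)?\s*([0-9][0-9A-Za-z.]*)?")


def parse_version(v):
    """'2.31.0' -> (2, 31, 0); non-numeric parts are dropped."""
    return tuple(int(p) for p in v.split(".") if p.isdigit())


def parse_requirements(text):
    """Yield (name, operator, version) for each non-comment requirement line."""
    reqs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = SPEC_RE.match(line)
        if not m:
            continue
        reqs.append((m.group(1).lower(), m.group(2), m.group(3)))
    return reqs


def audit(text, fixed_in=FIXED_IN):
    """Return a list of (package, severity, message) findings."""
    findings = []
    for name, op, ver in parse_requirements(text):
        if op != "==":
            findings.append((name, "low",
                             f"unpinned: '{op or ''}{ver or ''}' lets pip pick any newer release; "
                             "pin with == and --hash"))
        # A lower bound only exists for ==, >= and ~=; other specs have no floor.
        floor = parse_version(ver) if ver and op in ("==", ">=", "~=") else None
        for cve, fixed in fixed_in.get(name, {}).items():
            if floor is None or floor < fixed:
                fixed_s = ".".join(map(str, fixed))
                findings.append((name, "high",
                                 f"{cve}: resolvable to versions below {fixed_s}; "
                                 f"raise floor to >={fixed_s} or pin"))
    return findings


def pinned_line(name, version, sha256_hashes):
    """Render a hash-pinned line for `pip install --require-hashes -r requirements.txt`."""
    parts = [f"{name}=={version}"] + [f"--hash=sha256:{h}" for h in sha256_hashes]
    return " \\\n    ".join(parts)


if __name__ == "__main__":
    for pkg, sev, msg in audit(REQUIREMENTS_TXT):
        print(f"[{sev}] {pkg}: {msg}")
    # Hashes come from `pip hash <downloaded wheel>`; this one is a placeholder.
    print(pinned_line("requests", "2.32.4", ["<sha256 from pip hash>"]))
```

A pinned-and-hashed requirements file installed with `pip install --require-hashes` closes both findings at once: the resolver can no longer drift onto an unexpected release, and a tampered artifact fails the hash check instead of installing.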

VirusTotal

66/66 vendors flagged this skill as clean.
