ITjuzi

Security checks across malware telemetry and agentic risk

Overview

This is a coherent ITjuzi MCP research skill that needs an API key for its stated data source, with no executable code or hidden persistence, but users should handle the key carefully.

Install only if you trust the ITjuzi MCP endpoint and are comfortable sending your ITjuzi API key through your MCP client. Use a minimally scoped key if possible, avoid pasting long-lived secrets into shared chats, and rotate or revoke the key if you suspect exposure.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill requires users to supply an API key on every call to an online third-party MCP endpoint, but it does not warn about credential transmission, storage, logging, or trust boundaries. This can lead users to expose sensitive credentials to a remote service or intermediary client without informed consent, especially because the workflow normalizes repeated credential submission.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal