Security audit

Simpsons Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Simpsons lookup helper with optional character-style prompt tools, and it does not show hidden data access, credential use, exfiltration, destructive actions, or automatic persistence.

Install this only if you want both Simpsons script search and optional character-style prompt helpers. Avoid corpus-building commands if you do not want public script pages fetched and cached locally, keep excerpts short, and do not use the character helpers for deceptive impersonation or uncited long-form reproduction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill instructs the agent to read and write local files, access the network, and run shell commands, but it declares no permissions or guardrails. That creates an authorization gap where a reviewer or execution environment may underestimate the skill's capabilities, increasing the risk of unintended file modification, uncontrolled fetching of remote content, or command execution beyond the user’s expectations.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The stated purpose is episode and quote lookup, but the skill also supports building character dossiers and generating prompts/style guides to imitate copyrighted characters. This mismatch is risky because operators may approve or invoke the skill for simple search while it actually enables broader content-generation behavior, including potentially policy-sensitive impersonation or copyright-adjacent uses not disclosed in the description.

Description-Behavior Mismatch

High
Confidence
90% confidence
Finding
The file goes beyond the declared purpose of a Simpsons script search/reference skill by generating a character brief and an 'Improv prompt' for creating fresh lines in a character's style. This capability expands the skill from retrieval into synthetic character-style generation, which increases policy and misuse risk because it facilitates imitation-oriented outputs not justified by the manifest.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The explicit instruction to 'Write fresh lines inspired by' the character and to match their role, traits, rhythm, and themes directly enables character-style generation. In the context of a script-search skill, this is more dangerous because the capability is unrelated to retrieval and can be used to produce imitation content while leveraging sourced character descriptors to make the output more convincing.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
This file adds functionality to rewrite arbitrary text as dialogue inspired by a character, which materially exceeds the skill's declared purpose of searching and referencing Simpsons scripts. Scope-expanding generative features are risky because they can be used to impersonate copyrighted characters or evade product/policy constraints under the cover of an unrelated retrieval skill.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The generated prompt explicitly instructs the model to produce fresh dialogue matching a named character's role, traits, rhythm, and themes, which is a character-impersonation capability unrelated to simple script lookup. In the context of a search/reference skill, this hidden generative behavior increases abuse potential for deceptive outputs, policy evasion, and unreviewed content generation.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
This script materially diverges from the declared skill purpose of searching and referencing Simpsons episode scripts by instead producing a character-style dialogue generation payload. Capability drift like this is dangerous because it hides undeclared behavior from reviewers and users, and in this case introduces impersonation/persona-generation functionality not justified by the manifest.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The code constructs a style guide and explicit instructions to 'Write fresh original dialogue inspired by the character,' enabling persona emulation and synthetic speech generation unrelated to the stated search/reference function. In context, this makes the skill more dangerous because the undeclared feature can be used for misleading impersonation-style outputs and bypasses expectations set by the manifest.

VirusTotal

63/63 vendors flagged this skill as clean.