Security audit

PatSight-MolVision

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends user-selected molecular images to PatSight for OCSR, then saves local results and reports.

Install only if you are comfortable sending the selected molecular structure images to PatSight or a trusted configured endpoint. Use a dedicated PatSight token/account if possible, avoid passing passwords directly on the command line, and keep the default API URL unless you intentionally trust another endpoint.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding
The skill declares access to environment variables and describes network and file output behavior, but there is no explicit permission declaration or user-facing capability boundary. This can mislead operators about what the skill can do, reducing informed consent and making secret access, outbound transmission, and local writes less auditable.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README explicitly recommends passing a token, account, and password on the command line. Command-line secrets are commonly exposed through shell history, process listings, audit logs, CI logs, and terminal recordings, so this guidance can lead users to leak PatSight credentials or reusable API tokens. In this skill’s context, the risk is heightened because the credentials grant access to an external account-backed service rather than being one-time local values.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
The invocation text is broad enough that the skill may activate for ordinary uploaded-image requests, not just when the user explicitly wants third-party OCSR processing. In this skill's context, that increases the chance that sensitive research or proprietary chemical structure images are sent externally without sufficiently explicit user intent.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The skill states that it calls the PatSight API but does not clearly warn users, at invocation time or in a prominent privacy notice, that uploaded molecular images are transmitted to an external third-party service. Because these images may contain confidential R&D, patent, or trade-secret material, undisclosed external transfer creates a meaningful data exposure risk.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
The script sends local image files and authentication material to remote services without any runtime consent prompt or prominent disclosure in the code path. In an agent-skill context, users may assume local processing, so silent transmission of potentially proprietary molecular structures increases confidentiality risk.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The script sources credentials from environment variables and also accepts account/password on the command line, but does not warn that these secrets may be exposed through shell history, process listings, or agent telemetry. In a hosted agent environment, this can unintentionally leak credentials beyond the intended service interaction.
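The credential and endpoint guidance in the overview, together with the two command-line-secret findings above, can be enforced up front rather than left to the user. The following is an added illustration, not the skill's own code: a hypothetical argument guard for an OCSR upload CLI that refuses secrets in argv, takes the token only from an environment variable, requires an explicit acknowledgement for any non-default endpoint, and produces a disclosure line before anything leaves the machine. The default URL, flag names and `PATSIGHT_TOKEN` variable are assumptions.

```python
"""Credential and endpoint guard for a hypothetical OCSR upload CLI (illustrative only)."""
from dataclasses import dataclass
from typing import Mapping, Sequence
from urllib.parse import urlparse

# Placeholder default endpoint; the real PatSight URL is deliberately not reproduced here.
DEFAULT_API_URL = "https://api.example-patsight.invalid/ocsr"
# Flags that would put a secret into argv, where ps, shell history and CI logs can read it.
SECRET_FLAGS = {"--password", "--token", "--account"}

@dataclass
class UploadPlan:
    api_url: str
    token_source: str   # provenance only; the token value itself is never stored in the plan
    files: tuple
    disclosure: str     # shown to the user before any image is transmitted

def parse_args(argv: Sequence[str]):
    """Split argv into options and image paths, rejecting any secret-bearing flag."""
    opts, files = {"trust_endpoint": False, "api_url": DEFAULT_API_URL}, []
    for arg in argv:
        flag, _, value = arg.partition("=")
        if flag in SECRET_FLAGS:
            raise ValueError(f"{flag} must not be passed on the command line; set PATSIGHT_TOKEN instead")
        elif flag == "--api-url":
            opts["api_url"] = value
        elif flag == "--trust-endpoint":
            opts["trust_endpoint"] = True
        elif flag.startswith("--"):
            raise ValueError(f"unknown option {flag}")
        else:
            files.append(arg)
    return opts, files

def check_endpoint(api_url: str, trust_endpoint: bool) -> str:
    """Keep the default endpoint unless the user explicitly opts into an https alternative."""
    if api_url != DEFAULT_API_URL:
        if urlparse(api_url).scheme != "https":
            raise ValueError("custom endpoint must use https")
        if not trust_endpoint:
            raise ValueError("custom endpoint requires --trust-endpoint")
    return api_url

def plan_upload(argv: Sequence[str], env: Mapping[str, str]) -> UploadPlan:
    opts, files = parse_args(argv)
    if not env.get("PATSIGHT_TOKEN") or not files:
        raise ValueError("PATSIGHT_TOKEN and at least one image path are required")
    api_url = check_endpoint(opts["api_url"], opts["trust_endpoint"])
    disclosure = (f"{len(files)} image(s) will be sent to the external service at "
                  f"{urlparse(api_url).netloc}; stop here if they contain confidential structures.")
    return UploadPlan(api_url, "env:PATSIGHT_TOKEN", tuple(files), disclosure)
```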

VirusTotal

65/65 vendors flagged this skill as clean.
