Back to skill

Security audit

Bohrium Project Management

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Bohrium administration skill, but it gives an agent access-key authority to make persistent project, budget, membership, and admin-role changes without clear confirmation safeguards.

Install only if you want an agent to administer Bohrium projects with your access key. Use the least-privileged key available, keep it out of prompts/logs/repos, inspect or verify the remote CLI installer before running it, and require explicit human confirmation before deleting projects, changing members, changing admin roles, changing budgets, recovering members, or renaming projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documents use of environment variables and outbound network/API access but does not declare corresponding permissions. That creates a governance gap: operators and users cannot accurately assess what the skill can access, and an agent may be allowed to exfiltrate credentials or perform remote actions without explicit consent boundaries. In a project-management skill that can mutate remote state, undeclared capabilities are materially risky.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill's stated purpose omits several privileged behaviors it documents: renaming projects and changing admin roles. This mismatch can mislead reviewers and users into authorizing a skill for routine project operations while it also supports sensitive authorization changes, increasing the chance of unintended privilege modifications or destructive administrative actions.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill implements project renaming even though the manifest says it should be used for creating/listing/deleting projects, managing members, and setting cost limits only. This capability drift matters because agent users and policy layers may rely on the manifest to understand and constrain what actions a skill can perform; undocumented write actions increase the risk of unauthorized or surprising project modifications.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill documents an endpoint that returns member user IDs, names, emails, roles, and cost information without any privacy or handling guidance. In an agent setting, that omission raises the risk that personal and billing-related data will be retrieved, displayed, logged, or shared more broadly than necessary.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.