Back to skill

Security audit

St Ent Mcp

Security checks across malware telemetry and agentic risk

Overview

The skill appears to match a 699pic enterprise media workflow, but it uses authenticated network access with broad generic media triggers and unclear capability declarations.

Install only if you intend this agent to use your 699pic enterprise account for media searches or download-record tasks. Tighten activation to explicit 699pic requests, use a least-privilege API key if available, and review any request before it sends business queries or account-related data to the service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs use of environment variables containing an API key and calls out direct network access to a remote service, but it does not declare any explicit permissions or capability boundaries. That mismatch can cause the agent or operator to invoke networked actions and secret-bearing requests without clear review, increasing the risk of unintended data exposure or unsafe execution in environments that rely on declared permissions for enforcement.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The invocation text includes broad triggers like '找图片' and '找视频', which can cause the skill to activate for generic media requests outside the intended 699pic enterprise workflow. Over-broad triggering raises the chance the agent routes unrelated user requests into a skill that uses local scripts, environment secrets, and networked enterprise APIs, creating unnecessary exposure and unintended external queries.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/openapi.js:4