Back to skill

Security audit

Metered Data Fetch

Security checks across malware telemetry and agentic risk

Overview

The skill is openly for paid data access, but it tells agents to initiate and cache account login automatically before use.

Install only if you are comfortable letting the agent use the SettleMesh CLI for authenticated, metered data calls. Before use, prefer setting an API key yourself or manually approving login, check the account and billing implications, and require confirmation before any paid or side-effecting call.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The skill explicitly tells the agent to avoid stopping on authentication failures and to launch `settlemesh login` itself, which can trigger browser-based session establishment without a clear prior user approval step. That creates a risky automation boundary: the agent is encouraged to acquire or refresh authenticated access on the user's behalf, potentially causing unintended account linkage or spending enablement.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The stated purpose is metered data fetching, but the skill also instructs the agent to initiate browser login and create cached authenticated sessions, which extends its capability into credential acquisition/session establishment. That broader authority is dangerous because it lets the agent take account-authentication actions that may persist beyond the immediate task and enable future paid API usage.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill directs the agent to start interactive authentication and browser approval without a strong user-facing warning that this will establish a cached authenticated session and may enable subsequent paid calls. In context, this is more dangerous because the same skill is explicitly designed for metered, billable API access, so silent session setup can lead to unexpected spending or credential delegation effects.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.