ApeWisdom Reddit Scanner

Security checks across malware telemetry and agentic risk

Overview

This is a simple read-only Reddit market-sentiment scanner that contacts ApeWisdom and prints results.

Install only if you are comfortable with the skill contacting ApeWisdom for live data. Treat the output as informational market-sentiment data, not financial advice, and make sure your Python environment has the requests dependency available.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 94% confidence
Finding: The skill instructs users to run a Python script that fetches live data from the ApeWisdom API, which is a network-capable operation, but the skill metadata does not declare any corresponding permission. Undeclared network access reduces transparency and weakens policy enforcement, making it easier for a skill to access external services without explicit review or user awareness.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal