agentic-workflow-automation-p

Security checks across malware telemetry and agentic risk

Overview

This is a local workflow-blueprint generator with one misleading dry-run flag, but no evidence of hidden network access, credential use, or unsafe persistence.

Install only if you are comfortable running a local script that can create or overwrite the output path you provide. Use it in a project or temporary directory, choose a fresh output filename, and do not rely on --dry-run to prevent filesystem writes until that behavior is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill documentation instructs use of a bundled script and reference file, which implies file read/write capability, but no permissions are declared. This creates a mismatch between the skill’s operational behavior and its declared trust boundary, increasing the risk of unintended filesystem access or unsafe execution in environments that rely on permission metadata for enforcement or review.

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding
The --dry-run flag is documented as avoiding side effects, but the program still writes the output artifact to disk unconditionally via render(). This can mislead users and calling automation into performing filesystem changes when they explicitly requested a no-side-effects mode, causing unintended file creation or overwrite in orchestration pipelines.

VirusTotal

59/59 vendors flagged this skill as clean.