Moses Coordinator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a session monitor, but it can run background processes and execute another script from the user’s home directory without clearly declaring that authority.

Install only if you intentionally want a local session monitor that may run in the background. Before use, review the referenced home-directory Python script, ensure it is owned by you and not writable by others, and prefer a version that bundles or verifies its helper and clearly declares shell/background execution permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill declares no permissions, yet it clearly performs shell-capable actions by launching background processes and invoking an external Python script via subprocess. This mismatch can mislead users and automated policy systems about the skill’s real execution capabilities, increasing the risk of unreviewed code execution.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding: The coordinator executes an external script from a fixed path under the user’s home directory, expanding its trust boundary beyond a simple WebSocket monitor. If that external script is modified, replaced, or is less trusted than this component, the coordinator becomes a launcher for unintended code execution whenever a session violation occurs.

VirusTotal

65/65 vendors flagged this skill as clean.
