File Diff

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local file comparison skill that reads two user-specified files and formats their diff, with no evidence of hidden network, persistence, credential access, or destructive behavior.

Install only if you want a local file-diff helper. Use it with explicit file paths you are comfortable reading into the conversation, and treat generated Markdown as untrusted if the compared files or filenames come from someone else.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill instructs the agent to execute the `diff` shell command on user-supplied file paths, but the skill declares no permissions indicating shell access. That mismatch is dangerous because it hides execution capability from reviewers and policy controls, and if file paths are not tightly constrained it could enable unintended access to sensitive local files through the diff operation.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal