Security audit

ip-lookup

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward IP lookup skill that makes disclosed live requests to an external IP metadata service, with privacy and custom-endpoint caveats users should understand.

Install only if you are comfortable with live requests to MyIPChecker. Supplying an IP sends that IP to the service; omitting the IP asks the service to identify the caller or runtime public IP and return related location/network metadata. Avoid the --base-url option unless you intentionally trust the alternate endpoint.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill explicitly instructs the agent to execute a shell helper script for live requests, yet no permissions are declared to make that capability visible and reviewable. Hidden shell capability increases risk because downstream users and policy systems may not realize the skill can run commands and perform external network access, reducing transparency and oversight.

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The script accepts a user-controlled --base-url and then issues a curl request to that destination, which enables arbitrary outbound HTTP(S) requests rather than limiting behavior to the documented MyIPChecker service. In an agent/helper-script context, this can be abused for SSRF-like behavior, internal service probing, or exfiltration to attacker-chosen endpoints if untrusted input can reach this parameter.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill encourages live requests that can reveal the caller's public IP and obtain associated geolocation and network metadata, but it does not warn about this privacy-sensitive behavior or require explicit user consent. This is more concerning in context because the workflow specifically says to omit the IP parameter to fetch caller-IP information, making disclosure of environment/network identity a default-supported action.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The documentation explicitly encourages a no-parameter request that returns the caller's IP metadata, but it does not warn that invoking the endpoint without `ip` discloses the agent/runtime egress IP and associated geolocation/network details to a third party. In an agent skill context, this is privacy-sensitive because users or downstream prompts may trigger the request unintentionally, causing external transmission of identifying network information.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.